Credit: Smartphone Image via Shutterstock
Bringing your own device (BYOD) to work is a great way for businesses to stay in touch, save time and keep tabs on what's happening even when the employees or owner are away.
But that increased efficiency doesn't necessarily translate into savings. A recent report found that 79 percent of small businesses experienced mobile security incidents — including data theft and accidental data loss — costing 45 percent of small to medium-size businesses more than $100,000 in the last year.
In spite of the costs, the Check Point mobile security survey said 63 percent of businesses still don't manage corporate information stored on employees' personal devices even though almost all companies are adding them to their networks — a practice that's becoming more common.
"It's not enough to use cutting-edge security technology, you also need to educate your employees on the importance of reporting device loss and mobile data loss, Check Point mobile security expert Scott Emo said in an email. "We've all seen the high-profile cases of a new iPhone prototype left in a bar or a banker's laptop stolen from a car. But your sales staff or administrative assistant may not realize the gravity of reporting a loss immediately if they simply misplaced their smartphone in the back of a cab."
It's much more important to focus on protecting the data stored on the device, rather than the device itself, Emo said. Mobile devices may be expensive, but they're replaceable. Data often isn't, and if stolen, can lead to all sorts of other collateral consequences that include fines and loss of consumer confidence and proprietary business secrets.
This year, 53 percent of companies said they store customer information such as credit cards, addresses, phone numbers and Social Security numbers on mobile devices representing a 6 percent increase from the year before. But if that information becomes compromised, noncompliance laws can hit businesses with steep fines and make them responsible for compensating customers for any damage or theft. And although fines sting, the loss or theft of a client list, secret recipe, blueprint or business plan and damage to a company's reputation can be so much worse.
Businesses need to make sure employee data is secure as well. "Personal mobile devices that contain other employees' information and run on company networks are entry points for criminals looking to steal anything from credit card information to bank account passwords to SIM card numbers," Emo said. "If your small business bank account gets hacked because your smartphone is stolen or an employee's personal credit card number is compromised because it was shared by mobile email to book travel, it can cost you."
Training employees to be vigilant against attacks and establishing and enforcing common-sense mobile security policies, like data encryption and passcode protection, goes a long way toward limiting who can see what's stored on a device and helps keep data incidents and costs down.