7-Fold Rise in Mobile Phone Fraud

It seems that as we spend more time using mobile devices, the fraudsters are following us: a new RSA Security report shows a massive rise in mobile fraud over the last 3 years.

Mobile Phone Fraud Up Nearly 700%!

The latest quarterly report by fraud and risk intelligence experts at RSA Security shows that while the volume of mobile app transactions has risen by 200% since 2015, the growth rate for fraudulent transactions has increased to a massive 680%.

New Accounts and ‘Burner Phones’

One of the key trends at the heart of the rise in mobile fraud is the apparent rise of the use of fake new accounts and ‘burner / burn phones’ to commit fraud.

A burner / burn phone is a mobile phone handset that is acquired for temporary use, is usually prepaid / without a contract in order to retain the user’s anonymity, and can be discarded if necessary.

Alongside the burner phone, fraudsters are also known to use stolen identities to set up fake ‘money mule’ accounts, purely for the purpose of collecting the cash from their fraudulent activities.

The RSA report shows that new accounts and new devices have been used in this way in 32% of all the fraudulent transactions in the last quarter.

Phishing Still Top

The report shows that phishing is still the top fraudulent activity, accounting for 48% of all fraud attacks in Q1 of 2018.

Trojan Malware & Payment Card Compromise

Other popular frauds involve the use of Trojan malware to steal financial credentials. This method was used in one in four fraud attacks in Q1 2018.

Also, using details from compromised cards is still a very common activity among fraudsters, and the RSA researchers who compiled the report claim to have recovered more than 3.1 million unique compromised cards and card details (which included verification numbers) on offer from online sources in Q1.

Mobile App Security

It is believed that poor security in mobile apps is allowing many criminals to hijack mobile applications and siphon off credentials and funds from many unwitting users.

What Does This Mean For Your Business?

These figures show that our increasing use of mobile devices and apps has opened the door to even more channels for fraudsters. There is clearly a responsibility among mobile app developers, and those commissioning mobile apps to deliver their services, to ensure that security is built in from the ground up. This should mean making sure that all source code is secure and known to be bug-free, that all data exchanged over the app is encrypted, that caution is exercised when using third-party libraries for code, and that only authorised APIs are used. Also, developers should be building in high levels of authentication, using tamper-detection technologies, using tokens instead of device identifiers to identify a session, using the best cryptography practices (e.g. storing keys in secure containers), and conducting regular, thorough testing.

As users of mobile devices and apps, we also need to pay attention to our own levels of security. For example, we can take precautions to stop ourselves from falling victim to mobile fraud by using mobile security and antivirus scan apps, only using trusted apps / trusted app sources, uninstalling old apps and turning off connections when not using them, locking our phones when not in use, using 2-factor authentication, and using a VPN rather than just the free Wi-Fi when out and about.

CALL US ON 0203 005 9650 FOR SUPERIOR CYBER SECURITY

Globalnet aims to be an integral part of your success, providing the best business advice, superior IT support and technology to help you reach your goals. 

 

Instant GDPR Complaints For Web Giants

In an almost inevitable turn of events, the social media and tech giants Facebook, Google, Instagram and WhatsApp faced a barrage of accusations and complaints that they were not compliant within hours of GDPR being introduced on May 25th.

What’s Wrong?

The complaints, spearheaded by privacy group noyb.eu, led by Max Schrems, centred around the idea that the tech and social media giants may be breaking the new data protection and privacy guidelines by forcing users to consent to targeted advertising in order to use their services, i.e. by bundling a service with the requirement to consent (Article 7(4) GDPR).

GDPR Complaints

It has been reported that the crux of the privacy group’s argument is that, according to GDPR, any data processing that is strictly necessary to use a service is allowed and doesn’t require opting in. If a company then decides to adopt a “take it or leave it approach” by forcing customers to agree to have additional, more wide-reaching data collected, shared and used for targeted advertising, or delete their accounts, the argument is that this goes against GDPR which requires opt-in consent for anything other than any data processing that is strictly necessary for the service.

Austria, Belgium, France and Germany

It is alleged in this case that the four tech giants may be doing just that, and, therefore, could be in breach of the Regulation, and possibly liable to fines if the accusations are upheld after investigation by data protection authorities in Austria, Belgium, France and Germany.

A breakdown of the four complaints over “forced consent” made by noyb.eu shows that in France the complaint has been made to CNIL about Google (Android), in Belgium the complaint has been made to the DPA about Instagram (Facebook), in Germany the complaint has been made to the HmbBfDI about WhatsApp, and in Austria the complaint has been made to DSB about Facebook. Under GDPR, the maximum penalties for this issue could be billions of Euros.

What Does This Mean For Your Business?

Many commentators had predicted that popular tech and social media giants would be among the first organisations to be targeted by complaints upon the introduction of GDPR, and some see these complaints as being the first crucial test of the new law.

GDPR should prohibit companies from forcing customers to accept the bundling of a service with the requirement to consent to giving / sharing more data than is necessary, but it remains to be seen and proven whether these companies are guilty.

As noyb.eu pointed out in their statement, GDPR does not mean that companies can no longer use customer data because GDPR explicitly allows any data processing that is strictly necessary for a service. The complaint, in this case, is that using the data additionally for advertisements or to sell it on, needs the users’ free opt-in consent.

Noyb.eu has also pointed out that, if successfully upheld, their complaints could also mean an end to the kind of annoying and obtrusive pop-ups which are used to claim a person’s consent, but don’t actually lead to valid consent.

Another benefit, if the complaints against the tech giants are upheld, could be that corporations can’t force users to consent, meaning that monopolies should have no advantage over small businesses in this area.

Noyb.eu seems set to keep the pressure on the tech giants, and has stated that its next round of complaints will centre around the alleged illegal use of user data for advertising purposes or “fictitious consent”, e.g. when companies recognise “consent” to other types of data processing solely from a person using their web page.

Now You Can Opt-Out Of Having Your Medical Data Shared

The introduction of GDPR on 25th May has brought with it a new national data opt-out service which enables people to use an online tool to opt out of their confidential patient information being used beyond their own individual care for research and planning.

Replacement

The new ‘Manage Your Choice’ online tool, which is part of the national data opt-out service, follows recommendations by the National Data Guardian (NDG) Dame Fiona Caldicott, and is a replacement for the previous ‘type 2’ opt-out that was introduced on 29th April 2016. That opt-out service meant that NHS Digital would remove certain patient records from data provided where a patient had requested an opt-out.

About The New National Opt-Out Service

The new service applies to those patients in England who are aged 13 or over, and have an NHS number e.g. from previous treatment. Opting out using the new service will not apply to your health data where you have accessed health or care services outside of England, such as in Scotland and Wales.

The opt-out service covers data-sharing by any organisation providing publicly-funded care in England. This includes private and voluntary organisations, and only children’s social care services are not covered.

Using The Online Tool

The online tool for opting-out can be accessed at:

https://www.nhs.uk/your-nhs-data-matters/manage-your-choice/

To use the online tool, you will (obviously) need access to the Internet, and access to your email or mobile phone to go through the necessary steps.

What Else Is Your Medical Data Used For?

According to the NHS, as well as being used for patient care purposes, confidential patient information is also used to plan and improve health and care services, and to research and develop cures for serious illnesses. The NHS has stressed that, for much of the time, anonymised data is used for research and planning, so your confidential patient information often isn’t needed anyway.

The NHS currently collects health and care data from all NHS organisations, trusts and local authorities. Data is also collected from private organisations e.g. private hospitals providing NHS funded care. Research bodies and organisations can also request access to this data. These bodies and organisations include university researchers, hospital researchers, medical royal colleges, and even pharmaceutical companies researching new treatments.

Past Controversy

The new service is likely to be welcomed after several past data-sharing controversies dented trust in the handling of personal data by the NHS. For example, NHS Digital were criticised after agreeing to share non-clinical information, such as addresses or dates of birth, with the Home Office, and a report highlighted how the Home Office used patient data for immigration enforcement purposes.

Also, there were serious public concerns and an independent panel finding a “lack of clarity” in a data-sharing agreement after it was announced that Royal Free Hospital in London shared the data of 1.6 million people with Google’s DeepMind project without the consent of those data subjects.

What Does This Mean For Your Business?

The introduction of GDPR has been an awareness raising, shake-up exercise for many businesses and organisations, and has driven the message home that data privacy and security for clients / service users is an important issue. Where our medical data is concerned, however, we regard this as being particularly private and sensitive, and the fact that it could be either shared with third-parties without our consent, or stolen / accessed due to poor privacy / security systems and practices is a source of genuine worry. For example, many people fear that whether shared or stolen, their medical data could be used by private companies to deny them services or to charge more for services e.g. insurance companies. Data breaches and sharing scandals in recent times mean that many people have lost trust in how many companies and organisations handle their everyday personal data, let alone their medical data.

The introduction of this new service is likely to be welcomed by many in England, and it is likely that the opt-out tool will prove popular. For the NHS, however, if too many people choose to opt-out, this could have some detrimental effect on its research and planning.

GDPR will continue to make many companies and organisations focus on which third-parties they share data with, and how these relationships could affect their own compliance.

Alexa Recorded and Sent Private Conversation

A US woman has complained of feeling invaded after a private home conversation was recorded by her Amazon Alexa voice assistant and then sent to a random phone contact … who happened to be her husband’s employee.

What did Alexa do?

As first reported by US news outlet KIRO 7, the woman, identified only as ‘Danielle’, had a conversation about hardwood flooring in the privacy of her own home in Portland, Oregon. Unknown to her, however, in a serious security flaw, her Amazon voice assistant Alexa, via her Amazon Echo, not only recorded a seemingly ‘random’ conversation, but then sent the voice recording to a random phone contact without being expressly asked to do so.

The woman was only made aware that she had been recorded when she was contacted by her husband’s employee, who lives over 100 miles away in Seattle, who was able to tell her the subject of her recent conversation.

How Could It Have Happened?

Last year Amazon introduced a service whereby Amazon Echo users could sign up to the Alexa Calling and Messaging Service from the Alexa app. This means that all of the contacts saved to your mobile phone are linked to Alexa automatically, and you can call and message them using voice commands via your Echo.

In the case of the woman from Portland, Amazon has reportedly explained the incident as being the result of an “unlikely” string of events which were that:

  • Her Alexa started recording her voice after it registered as hearing its name or another “wake word” (chosen by users)
  • Subsequently, in the following conversation (about hardwood floors), Alexa registered part of the recorded conversation as being a ‘send message’ request
  • Alexa would / should have said at that point, out loud, ‘To whom?’
  • It is believed that Alexa then interpreted part of the background conversation as a name in the woman’s phone contact list
  • The selected contact was then sent a recorded message of the private conversation

Investigated

The woman requested a refund for her voice assistant device, saying that she felt invaded.

Amazon has reportedly apologised for the incident, has investigated what happened, and has determined that the flaw was an extremely rare occurrence. Amazon is, however, reported to be taking steps to avoid this from happening in the future.

Not The First Time

Amazon’s intelligent voice assistant Alexa has made the news in the past for some unforeseen situations that helped to perpetuate the fears of users that their home devices had a security flaw that could have a more sinister dimension and / or could malfunction or be used to invade privacy. For example, back in 2016, US researchers found that they could hide voice commands in white noise played over loudspeakers and through YouTube videos in order to get smart devices to turn on flight mode or open a website. The researchers also found that they could embed voice commands directly into recordings of music or spoken text.

Also, although Amazon was cleared by an advertising watchdog, there was the case of the television advert for Amazon’s Echo Dot smart speaker activating a viewer’s device and placing an order for cat food.

What Does This Mean For Your Business?

Although it may have been a series of events resulting in a ‘rare’ occurrence, the fact is that this appears to be a serious matter relating to the privacy of users that is likely to re-ignite many of the fears of home digital assistants being used as listening devices, or could be hacked and used to gather personal information that could be used to commit crime e.g. fraud or burglary.

If the lady in this case was an EU citizen, it is likely that Amazon could have fallen foul of the new GDPR and, therefore, been potentially liable to a substantial fine if the ICO thought it right and necessary.

Adding the Alexa Calling and Messaging service to these devices was really just the beginning of Amazon’s plans to add more services until we are using our digital assistants to help with many different and often personal aspects of our lives e.g. from ordering goods and making appointments, to interacting with apps to control the heating in the house, and more. News of this latest incident could, therefore, make some users nervous about taking the next steps to trusting Amazon’s Alexa with more personal details and important aspects of their daily lives.

Amazon may need to be more proactive and overt in explaining how it is addressing the important matters of privacy and security in its digital assistant and devices in order to gain the trust that will enable it to get an even bigger share in the expanding market, and successfully offer a wider range of services via Alexa and Echo devices.

92 Carphone Warehouse Branch Closures

Dixons Carphone, owners of Carphone Warehouse stores, has highlighted people not renewing their handsets as frequently and a declining market for long-term mobile contracts as 2 main reasons for the planned closures of 92 stores.

Carphone Warehouse Profits Hit – Shares Down

The decision to close 92 of its more than 700 Carphone Warehouse stores this year was announced by Dixons Carphone after a warning that the next year’s profits could be down £82 million led to shares in the company falling 20.7%. Share values had already fallen by 30% over the last 12 months.

92 Store Closures but No Jobs Lost?

The human cost of store closures would ordinarily be those employed in the condemned 92 stores (part of a 42,000 workforce worldwide). In this case, Dixons Carphone has stated that no jobs will be lost because staff will be offered the opportunity to move to larger outlets nearby.

Sales Up

The gloomy prediction disguised the fact that total sales were actually 3% higher in the year to 16 April, while like-for-like sales were up 4%, and the sales were up by 2% for the year as a whole, and by 1% in the fourth quarter. International sales e.g. Nordic countries and Greece outstripped those in the UK.

Even though pre-tax profit is expected to come in at £382m, this is actually dramatically down from the £501m in 2017.

What Happened?

According to reported comments by the new boss of only 8 weeks, Alex Baldock, even though it is acknowledged that performance has not been good, the problems are all “fixable”.

Market commentators have noted that a fall in the value of the pound (in the wake of Brexit) has made mobile handsets more expensive. Also, technical innovation has slowed, giving shoppers less reason to update their phones, meaning that they have been hanging onto their current handsets for longer.

SIM Free Popular

Market analysts have noted that there is unlikely to be a boost in the market for long-term mobile contracts any time soon. This is partly because many consumers have been opting for the alternative of SIM free phones in an attempt to keep costs down and get the best deals. SIM free sales are one area where Dixons Carphone will need to improve in order to make the most of market trends.

A SIM free phone is sold (unlocked) without any SIM card or network attached, so people buy the phone and then choose a SIM only deal for their calls and data, and can choose whichever network they like. The benefits are the ability to own the handset outright and take out a SIM only deal, thereby reducing the cost of a monthly plan as you are only paying the network for your minutes, texts and data allowance. Also, SIM only can give greater flexibility, with 1-month rolling contracts and 12-month contracts now being commonplace.

What Does This Mean For Your Business?

Many UK businesses, like Dixons Carphone, will have felt the pressure of consumers reeling in some of their spending in the wake of the fall in the value of the pound after the Brexit vote. Also, as in the case of Dixons Carphone, they’re in a market where so much innovation has been focused on phones and their features in recent years that consumers are going to be reluctant to swap unless the new model offers a new technological jump or can give them features that significantly add value.

High street retailers / well-known bricks-and-mortar retailers have taken a battering in recent times (e.g. store closures at Carpetright, New Look, Mothercare, Byron, Jamie’s Italian, Marks & Spencer, and soon House of Fraser and Carluccio’s) as consumers move more towards online digital. A recent British Retail Consortium (BRC) report, for example, showed that footfall in retail stores fell by 3.3% in April 2018 compared to last year because of a shift in consumer behaviour towards digital shop visits rather than physical ones.

Many retailers have realised that to fight back they must rebalance investment in physical and digital infrastructure, and change the way stores are used e.g. by adopting technology to engage people, and to make stores more like centres for experiences rather than just places for purchasing goods. This is particularly important for younger consumer groups.

In the case of Dixons Carphone, new boss Baldock hasn’t really elaborated beyond saying that the business had been too inward-looking and distracted. As part of his proposed fixes for the problems, Baldock has said that the group would also now be investing £30m in improving customer service by retraining staff in stores and at its call centres, and that it would try to renegotiate contracts with mobile networks to reflect the slowdown in phone sales i.e. to adapt to market trends. Presumably, the company will also benefit from increased efficiency after closing the 42 stores.

In today’s challenging environment, as well as simply investing, retailers must now try to embrace technology in the right way as an opportunity to deliver more value to customers whether in store, at home or on the move. Retail commentators frequently talk about the importance of the need to create a seamless customer experience between online and offline, and to develop an omni-channel platform. Improving and optimising the current experience that retailers offer customers, and replicating these as effectively as possible across all channels could be the key to staying competitive in the evolving retail business environment.

Tech Tip – One Handed Keyboard on an iPhone

If you’ve struggled to use the keyboard on an iPhone and found it a little unwieldy, or had difficulty reaching across the entirety of the iPhone keyboard when you have only one hand free, here’s a tip to adjust the size and position of the keyboard in iOS 11 so you can use it with just one hand.

How to add a one-handed iPhone keyboard

– Hold down the emoji / globe icon on the iPhone keyboard

– Three small keyboard icons will appear

– Selecting the one with an arrow pointing to the right will shift the keyboard to the right, and selecting the one pointing to the left will shift the keyboard to the left.

– To put the iPhone keyboard back to normal, tap the arrow in the blank space that’s created by the keyboard shift, or hold down the emoji icon again and select the ‘centre’ icon.

Facial Recognition For Schools and the Classroom

A school in Hangzhou, capital of the eastern province of Zhejiang, is reportedly using facial recognition software to monitor pupils and teachers.

Intelligent Classroom Behaviour Management System

The facial recognition software is part of what has been dubbed the “intelligent classroom behaviour management system”. The reason for the use of the system is reported to be to supervise both the students’ learning, and the teachers’ teaching.

How?

The system uses cameras to scan classrooms every 30 seconds. These cameras are part of a facial recognition system that is reported to be able to record students’ facial expressions, and categorize them into happy, angry, fearful, confused, or upset.

The system, which acts as a kind of ‘virtual teaching assistant’, is also believed to be able to record students’ actions such as writing, reading, raising a hand, and even sleeping at a desk.

The system also measures levels of attendance by using a database of pupils’ faces and names to check who is in the classroom.

As well as providing schools with added value monitoring of pupils, it may also prove to be a motivator for pupils to modify their behaviour to suit the rules of the school and the expectations of staff.

Teachers in Schools Watched Too

In addition to monitoring pupils, the system has also been designed to monitor the performance of teachers in order to provide pointers on how they could improve their classroom technique.

Safety, Security and Privacy

One other reason why these systems are reported to be increasing in popularity in China is to provide greater safety for pupils by recording and deterring violence and questionable practices at Chinese kindergartens.

In terms of privacy and security, the vice principal of the Hangzhou No.11 High School is reported to have said that the privacy of students is protected because the technology doesn’t save images from the classroom, and stores data on a local server rather than on the cloud. Some critics have, however, said that storing images on a local server does not necessarily make them more secure.

Inaccurate Facial Recognition?

If the experience of the facial recognition software that has been used by UK police forces is anything to go by, there may be questions about the accuracy of what the Chinese system records. For example, following an investigation by campaign group Big Brother Watch, the UK’s Information Commissioner, Elizabeth Denham, has recently said that the Police could face legal action if concerns over accuracy and privacy with facial recognition systems are not addressed.

What Does This Mean For Your Business?

There are several important aspects to this story. Many UK businesses already use their own internal CCTV systems as a softer way of monitoring and recording staff behaviour, and as a way to modify their behaviour, i.e. simply by knowing they’re being watched. Employees could argue that this is intrusive to an extent, and that a more positive way of getting the right kind of behaviour would (also) be to have a system that rewards positive / good behaviour and good results.

Using intelligent facial recognition software could clearly have a place in many businesses for monitoring customers / service users e.g. in shops and venues. It could be used to enhance security. It could also, as in the school example, be used to monitor staff in any number of situations, particularly those where concentration is required and where positive signals need to be displayed to customers. These systems could arguably increase productivity, improve behaviour and reduce hostility / violence in the workplace, and provide a whole new level of information to management that could be used to add value.

However, it could be argued that using these kinds of systems in the workplace could make people feel as though ‘big brother’ is watching them, could lead to underlying stress, and could have big implications where privacy and security rights are concerned. It remains to be seen how these systems are justified, regulated and deployed in future, and how concerns over accuracy, cost-effectiveness, and personal privacy and security are dealt with.

Slack Actions adds integrations with third party developers

Chat app Slack has announced the introduction of a new Actions feature that makes it easier for users to create and finish tasks without leaving Slack, by giving them access to more third-party tools.

What Is Slack?

Slack, launched way back in 2013, is a Silicon Valley-produced, cloud-based set of proprietary team collaboration tools and services. It provides mobile apps for iOS, Android, Windows Phone, and is available for the Apple Watch, enabling users to send direct messages, see mentions, and send replies.

Slack teams enable users (communities, groups, or teams) to join through a URL or invitation sent by a team admin or owner. It was intended as an organisational communication tool, but it has gradually been morphing into a community platform i.e. it is a business technology that has crossed-over into personal use.

In March 2018, Slack and financial and human capital management firm Workday formed a partnership that allowed Workday customers to access features from directly within the Slack interface. Slack is believed to have 8 million daily active users.

What Is ‘Actions’ and How Does It Help?

The new tool / feature – dubbed Actions – will bring enterprise developers deeper into Slack, because it allows for better / more integration with enterprise software from third-party software providers, such as Jira, HubSpot, and Asana.

Slack knows that many users now like to choose what software they use to get their job done, and the Actions feature will, therefore, be of extra value to 90% of Slack’s 3 million paid users who regularly use apps and integrations.

Actions can be accessed using a click or tap of any Slack message, require no slash commands, and are being made available to all developers using the platform to deploy bots and integrations. To begin with, Actions will be displayed based on what individuals use most frequently.

What Does This Mean For Your Business?

If you or your business uses Slack, the interoperability of these systems resulting from integration between software from third-parties with the Actions tool means that you have greater choice in what software you use to complete your tasks without having to leave Slack. This offers time and cost saving benefits, as well as a considerable boost in convenience.

Slack knows that there are open source and other alternatives out there, and the addition of Actions will help Slack to provide more valuable tools to users, thereby helping it to retain loyalty and compete in a rapidly evolving market.

Tech Tip – Enable ‘Do Not Track’ In Microsoft Edge

If you want the general added security of not being tracked when you’re browsing without having to switch to full security incognito mode, here’s how to enable ‘Do Not Track’ in Microsoft Edge:

– For Microsoft Edge, click on the three horizontal dots at the top right.

– Click on ‘Settings’ at the very bottom.

– Click on ‘View advanced settings’ at the bottom.

– Scroll down to the Privacy and Services section, and toggle the ‘Send Do Not Track requests’ option.

– This should mean that all HTTP and HTTPS requests will include ‘Do Not Track’.

BYODs Linked To Security Incidents

A study by SME card payment services firm Paymentsense has shown a positive correlation between bring your own device (BYOD) schemes and increased cyber security risk in SMEs.

BYOD

Bring your own device (BYOD) schemes / policies have now become commonplace in many businesses, with the BYOD and enterprise mobility market size growing from USD 35.10 billion in 2016 to USD 73.30 billion by 2021 (marketsandmarkets.com).

BYOD policies allow employees to bring in their personally owned laptops, tablets, and smartphones and use them to access company information and applications, and solve work problems. This type of policy has also fuelled a rise in ‘stealth IT’, where employees go outside of IT and set up their own infrastructure without organizational approval or oversight, and can, therefore, unintentionally put corporate data and service continuity at risk.

Positive Correlation Between BYOD and Security Incidents

The Paymentsense study, which polled more than 500 SMEs in the UK, found a positive correlation between the introduction of a BYOD policy and cyber-security incidents. For example, 61% of the SMEs said that they had experienced a cyber-security incident since introducing a BYOD policy.

According to the study, although only 14% of micro-businesses (up to 10 staff) reported a cyber-security incident since implementing BYOD, the figure rises to 70% for businesses of 11 to 50 people, and to 94% for SMEs with 101 to 250 employees.

Most Common Security Incidents

The study showed that the most common types of security incidents in the last 12 months were malware, which affected two-thirds (65%) of SMEs, viruses (42%), distributed denial of service (DDoS) attacks (26%), data theft (24%), and phishing (23%).

Positive Side

The focus of the report was essentially the security risks posed by BYOD. There are, however, some very positive reasons for introducing a BYOD policy in the workplace. These include convenience, cost saving (company devices and training), harnessing the skills of tech-savvy employees, perhaps finding new, better and faster ways of getting work done, improved morale and employee satisfaction, and productivity gains.

Many of these benefits are, however, inward-focused, i.e. on the company and its staff, and do not take into account the wider damage that could be caused to the lives of data breach victims or to the company’s reputation and profits if a serious security incident occurred.

What Does This Mean For Your Business?

This is a reminder that, as well as the benefits of BYOD to the business, if you allow employees or other users to connect their own devices to your network, you will be increasing the range of security risks that you face. This is particularly relevant with the introduction of GDPR on Friday.

For example, devices belonging to employees but containing personal data could be stolen in a break-in or lost while away from the office. This could lead to a costly and public data breach. Also, allowing untrusted personal devices to connect to SME networks or using work devices on untrusted networks outside the office can put personal data at risk.

Ideally, businesses should ensure that personal data is either not on the device in the first place, or has been appropriately secured so that it cannot be accessed in the event of loss or theft, e.g. by using good access control systems and encryption.

Business owners could reduce the BYOD risk by creating and communicating clear guidelines to staff about best security practices in their daily activities, in and out of the office. It is also important to have regular communication with staff at all levels about security, and having an incident response plan / disaster recovery plan in place can help to clarify responsibilities and ensure that timely action is taken to deal with situations correctly if mistakes are made.
