Chapter 8 Securing Information Systems 353 INTERACTIVE SESSION: TECHNOLOGY BYOD: A Security Nightmare? Bring your own device has become a huge trend, share files. There are also many instances where with half of employers with mobile computing tools cmployees are using Dropbox to store and exchange at workplaces worldwide using their own device files without their employers' approval. in early 2015 This figure is expected to increase even more in the Dropbox had to patch a security flaw that allowed years to come. But while use of the iPhone, iPad, and cyberattaches to steal new information uploaded other mobile computing devices in the workplace to accounts through compromised third-party apps is growing, so are security problema. Quite a few that work with Dropbox services on Android devices security experts believe that smartphones and other There's very little a company can do to prevent mobile devices now one of the most serious employees who are allowed to use their smartphones security threats for organizations today, from downloading corporate data so they can work Whether mobile devices are company assigned or on those data remotely, employee-owned, they are opening up new avenues Text messaging and other mobile messaging tech- for accessing corporate data that need to be closely nologies are being used to deliver all kinds of scam monitored and protected Sensitive data on mobile campaigns, such as adult content and rogue phan devices travel both physically and clectronically, macy, phishing and banking scams, and text mes from the office to home and possibly other off-site sages have been a propagation medium for Trojan locations. According to a February 2016 Ponemon horses and worms. A malicious source is now able Instituto study of 58 U.S. IT and security profession- to send a text message that will open in a mobile als, 67 percent of those surveyed reported that it was browser by default, which can be madily utilized to certain or likely that an employee's mobile access exploit the recipient to confidential corporate data had rooted in a data To date, deliberate hacker attacks on mobile breach. Unfortunately, only 41 percent of respon devices have been limited in scope and impact, dents said their companies had policies for accessing but this situation is worsening, Android is now the corporate data from mobile devices world's most popular operating system for mobile More than half of security breaches occur when devices with a percent of the global market, and devices are lost or stolen. That puts all of the per most mobile malware is targeted at the Android plat- sonal and corporate data stored on the device, as well form. When corporate and personal data are stored as access to corporate data on remote servers, at risk. on the same device, mobile malware unknowingly Physical access to mobile devices may be a greater installed by the user could find its way onto the cor- threat than hacking into a network because less porate network effort is required to gain entry Experienced attack Apple uses a closed walled garden model for ers can easily circumvent passwords or locks on managing its apps and reviews cach one before mobile devices or access encrypted data. Moreover, releasing it on its App Store. Android applica- many smartphone se leave their phones totally tion security has been weaker than that for Apple unprotected to begin with or fail to keep the security devices, but it is improving Android application features of their devices up to date. In the Websense socurity uses sandboxing, which contines apps, mini- and the Poncmon Institute's Global Study on Mobil mixing their ability to affect one another or manipu ity Risks, 59 percent of respondents reported that late device features without user permission. Google employees circumvented or disabled security foa. removes any apps that break its rules against mali tures such as passwords and key locks cious activity from Google Play, its digital distribu- Another worry today is large-scale data leakage tion platform that serves as the official app store for caused by use of cloud computing services. Employ- the Androsd operating system. Google also vets the ces are increasingly using public cloud services such backgrounds of developers. Recent Android security as Google Drive or Dropbox for file sharing and col- enhancements include assigning varying levels of laboration. Valiant Entertainment, Cenoric Projects, trust to each app, dictating what kind of data an app Vita Coco, and BCBGMAXAZRIAGROUP are among can access inside its contined domain, and providing the companies allowing employees and freelance a more robust way to store cryptograpitic credentials contractors to use Dropbox for Business to post and used to access sensitive information and resources