SlideShare a Scribd company logo

CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf

K
kostikjaylonshaewe47

The document discusses the growing trend of 'bring your own device' (BYOD) in workplaces, highlighting the cybersecurity risks associated with personal mobile devices used for corporate functions. It categorizes specific threats, including physical access, malicious code, device attacks, communication interception, and insider threats, which compromise corporate data and security. The document also emphasizes the need for robust policies and practices to mitigate these risks while addressing productivity challenges stemming from mobile device usage at work.

Education
1 of 4
Download to read offline
1
2
3
4
CASE STUDY: There is a new phenomenon in the cybersecurity domain called: “Bring Your Own Device (BYOD)” where employees can bring their personal devices at work and connect using the Wi-Fi to the organization’s network. Many employers are allowing their employees to use their personal mobile device for enterprise functions such as corporate email, work applications, etc. While this may save the company costs, the organization’s network remains vulnerable. A company can only monitor so much that’s on an employee personal device; Assess the threats, the vulnerabilities, and the impacts on an organization’s information systems posed by the use of mobile devices at work. What can be done to fix it at the policy level, technology level, and infrastructure level? Solution Employees aren't just bringing their mobile devices to the workplace — they're living on them. A 2015 study by Bank of America found that 55 percent of respondents sleep with their smartphones on their nightstands to avoid missing a call, text message or other update during the night. The devices are also the first thing on their minds in the morning: while 10 percent reported thinking of their significant other, 35 percent reserved their first thought of the day for their smartphone. As smartphones and tablets become constant companions, cyber attackers are using every avenue available to break into them. Many people expect that iPhone or Android devices are secure by default, when in reality it is up to the user to make security configuration changes. With the right (inexpensive) equipment, hackers can gain access to a nearby mobile device in less than 30 seconds and either mirror the device and see everything on it, or install malware that will enable them to siphon data from it at their leisure. The nature and types of cyber attacks are evolving rapidly, and mobile devices have become a critical part of enterprise cyber-security efforts with good reason. Analysts predict that by 2018, 25 percent of corporate data will completely bypass perimeter security and flow directly from mobile devices to the cloud. Chief information security officers (CISOs) and other security executives are finding that the proliferation of mobile devices and cloud services present a significant barrier to effective breach response. In order to secure the corporate data passing through or residing on mobile devices, it is imperative to fully understand the issues they present. 5 Security Risks and a Surprising Challenge The threat and attack vectors for mobile devices are largely composed of retargeted versions of attacks aimed at other endpoint devices. These risks can be categorized into five areas.
1. Physical access Mobile devices are small, easily portable and extremely lightweight. While their diminutive size makes them ideal travel companions, it also makes them easy to steal or leave behind in airports, airplanes or taxicabs. As with more traditional devices, physical access to a mobile device equals “game over.” The cleverest intrusion-detection system and best anti-virus software are useless against a malicious person with physical access. Circumventing a password or lock is a trivial task for a seasoned attacker, and even encrypted data can be accessed. This may include not only corporate data found in the device, but also passwords residing in places like the iPhone Keychain, which could grant access to corporate services such as email and virtual private network (VPN). To make matters worse, full removal of data is not possible using a device’s built-in factory reset or by re-flashing the operating system. Forensic data retrieval software — which is available to the general public — allows data to be recovered from phones and other mobile devices even after it has been manually deleted or undergone a reset. 2.Malicious Code Mobile malware threats are typically socially engineered and focus on tricking the user into accepting what the hacker is selling. The most prolific include spam, weaponized links on social networking sites and rogue applications. While mobile users are not yet subject to the same drive-by downloads that PC users face, mobile ads are increasingly being used as part of many attacks — a concept known as “malvertising." Android devices are the biggest targets, as they are widely used and easy to develop software for. Mobile malware Trojans designed to steal data can operate over either the mobile phone network or any connected Wi-Fi network. They are often sent via SMS (text message); once the user clicks on a link in the message, the Trojan is delivered by way of an application, where it is then free to spread to other devices. When these applications transmit their information over mobile phone networks, they present a large information gap that is difficult to overcome in a corporate environment. 3.Device Attacks Attacks targeted at the device itself are similar to the PC attacks of the past. Browser-based attacks, buffer overflow exploitations and other attacks are possible. The short message service (SMS) and multimedia message service (MMS) offered on mobile devices afford additional avenues to hackers. Device attacks are typically designed to either gain control of the device and access data, or to attempt a distributed denial of service (DDoS). 4.Communication Interception Wi-Fi-enabled smartphones are susceptible to the same attacks that affect other Wi-Fi-capable devices. The technology to hack into wireless networks is readily available, and much of it is accessible online, making Wi-Fi hacking and man-in-the-middle (MITM) attacks easy to perform. Cellular data transmission can also be intercepted and decrypted. Hackers can exploit
weaknesses in these Wi-Fi and cellular data protocols to eavesdrop on data transmission, or to hijack users’ sessions for online services, including web-based email. For companies with workers who use free Wi-Fi hot spot services, the stakes are high. While losing a personal social networking login may be inconvenient, people logging on to enterprise systems may be giving hackers access to an entire corporate database. 5.Insider Threats Mobile devices can also facilitate threats from employees and other insiders. Malicious insiders can use a smartphone to misuse or misappropriate data by downloading large amounts of corporate information to the device’s secure digital (SD) flash memory card, or by using the device to transmit data via email services to external accounts, circumventing even robust monitoring technologies such as data loss prevention (DLP). The downloading of applications can also lead to unintentional threats. Most people download applications from app stores and use mobile applications that can access enterprise assets without any idea of who developed the application, how good it is, or whether there is a threat vector through the application right back to the corporate network. The misuse of personal cloud services through mobile applications is another issue; when used to convey enterprise data, these applications can lead to data leaks that the organization remains entirely unaware of. Mobile security threats will continue to advance as corporate data is accessed by a seemingly endless pool of devices, and hackers try to cash in on the trend. Making sure users fully understand the implications of faulty mobile security practices and getting them to adhere to best practices can be difficult. Many device users remain unaware of threats, and the devices themselves tend to lack basic tools that are readily available for other platforms, such as anti- virus, anti-spam, and endpoint firewalls. The Productivity Challenge: Blessing, or Curse? Increasing worker productivity is the leading factor driving bring your own device (BYOD) program deployment. It may therefore seem surprising that a 2015 CareerBuilder study of top ten productivity killers at work ranked cell phones as the number one thing causing people to waste time at the office. Mobile devices enable workers to accomplish tasks wherever and whenever they choose, but they can be distracting. Flitting between numerous screens and apps and continuously checking email and Twitter feeds is enough to disrupt even the most focused employee. “It is an epidemic," Lacy Roberson, Learning and Organization Development Director at eBay has said. At most companies, it's a struggle "to get work done on a daily basis, with all these things coming at you.” In order to avoid the inevitable—people checking in on their devices and checking out of conversations — organizations like eBay have implemented a no-device policy for certain meetings. Even the White House is facing an inappropriate phone use problem. In an
article entitled “How To Get People Off Their Phones In Meetings Without Being A Jerk”, Forbes detailed the President’s phone-drop protocol: before meeting with him, cabinet members attach yellow sticky notes with their names to their cell phones and leave them in a basket before entering the room. While office distractions are nothing new, the lure of 24/7 social-networking streams and email alerts that accompany mobile devices is intensifying the problem. Meeting the Mobility Challenge Mobile device threats are increasing and can result in data loss, security breaches and regulatory compliance violations. You can take a number of steps to reduce the risks they pose and address related productivity issues and legal, privacy, and security requirements. These steps are similar to those involved with other security issues — such as robust program and policy creation, communication, risk assessment, technology implementation, and continuous monitoring and evaluation — but are tailored to the unique challenges associated with mobile devices. With well-supported mobility and security awareness programs in place, your organization can keep users happy and your network secure, so you can compete effectively in today’s mobile-first environment. In a recent audit by one of our client they advised to block mobile phones inside office campus since the client fears that employees will take snapshots of client data,So we decided to block the usage of cellphones inside campus what would be the best way to implement it,The problems which we might face were : we thought of implementing cellphone jammer but many of employees were handling clients through mobile phones, but in other side if we allow mobile phones inside campus for the employees whom attending client calls will raise discrimination b/w employees possible solutions we discussed were : other than above,what would be the best method to implement it?

More Related Content

PDF
Report on Mobile security
Kavita Rastogi
 
PDF
Evolutionand impactofhiddenmobilethreats wandera
Anjoum .
 
PDF
Securing mobile devices in the business environment
IBM Software India
 
PPTX
CS_UNIT 2(P3).pptx
GaytriDhingra1
 
PDF
Mobility, Security and the Enterprise: The Equation to Solve
Icomm Technologies
 
PDF
Mobile malware and enterprise security v 1.2_0
Javier Gonzalez
 
PDF
Article on Mobile Security
Tharaka Mahadewa
 
PDF
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
acijjournal
 
Report on Mobile security
Kavita Rastogi
 
Evolutionand impactofhiddenmobilethreats wandera
Anjoum .
 
Securing mobile devices in the business environment
IBM Software India
 
CS_UNIT 2(P3).pptx
GaytriDhingra1
 
Mobility, Security and the Enterprise: The Equation to Solve
Icomm Technologies
 
Mobile malware and enterprise security v 1.2_0
Javier Gonzalez
 
Article on Mobile Security
Tharaka Mahadewa
 
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
acijjournal
 

Similar to CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf (20)

PDF
Blue Coat 2013 Systems Mobile Malware Report
Content Rules, Inc.
 
PDF
State ofmobilesecurity
Gary Sandoval
 
PDF
3 data leak possibilities that are easy to overlook
Peter Hewer
 
PDF
Survey On Mobile User’s Data Privacy Threats And Defence Mechanism
vivatechijri
 
PDF
IRJET- Android Device Attacks and Threats
IRJET Journal
 
PDF
Corporate America is Being ATTACKED and the Entry Vector May be Surprising
Signals Defense, LLC
 
PDF
Cn35499502
IJERA Editor
 
PDF
4514ijmnct01
ijmnct
 
PDF
Security attacks taxonomy on
ijmnct
 
PDF
Mobile Security Threats In Organisations: 4 Challenges To Navigate And Solve
Zeroblack
 
PDF
Security Threats for SMBs
GFI Software
 
PDF
Sholove cyren web security - technical datasheet2
SHOLOVE INTERNATIONAL LLC
 
PDF
Mobile security article
Kulani Mahadewa
 
PPTX
vyber security on different fields bullying .pptx
SantoshChinchali1
 
PPTX
Chapter 3_Cyber Security-ccdf.pptx
1SI19IS064TEJASS
 
PPTX
Top Security Threats to Look Out for in 2023
K7 Computing Pvt Ltd
 
DOCX
Target Data Breach Case Study 10242014
Joseph White MPA CPM
 
PDF
Top 6-Security-Threats-on-iOS
Innovation Network Technologies: InNet
 
PDF
IDC: Top Five Considerations for Cloud-Based Security
arms8586
 
DOCX
Protecting Intellectual Property in the Age of WikiLeaks
SocialKwan
 
Blue Coat 2013 Systems Mobile Malware Report
Content Rules, Inc.
 
State ofmobilesecurity
Gary Sandoval
 
3 data leak possibilities that are easy to overlook
Peter Hewer
 
Survey On Mobile User’s Data Privacy Threats And Defence Mechanism
vivatechijri
 
IRJET- Android Device Attacks and Threats
IRJET Journal
 
Corporate America is Being ATTACKED and the Entry Vector May be Surprising
Signals Defense, LLC
 
Cn35499502
IJERA Editor
 
4514ijmnct01
ijmnct
 
Security attacks taxonomy on
ijmnct
 
Mobile Security Threats In Organisations: 4 Challenges To Navigate And Solve
Zeroblack
 
Security Threats for SMBs
GFI Software
 
Sholove cyren web security - technical datasheet2
SHOLOVE INTERNATIONAL LLC
 
Mobile security article
Kulani Mahadewa
 
vyber security on different fields bullying .pptx
SantoshChinchali1
 
Chapter 3_Cyber Security-ccdf.pptx
1SI19IS064TEJASS
 
Top Security Threats to Look Out for in 2023
K7 Computing Pvt Ltd
 
Target Data Breach Case Study 10242014
Joseph White MPA CPM
 
Top 6-Security-Threats-on-iOS
Innovation Network Technologies: InNet
 
IDC: Top Five Considerations for Cloud-Based Security
arms8586
 
Protecting Intellectual Property in the Age of WikiLeaks
SocialKwan
 
Ad

More from kostikjaylonshaewe47 (20)

PDF
Which of the following organisms are similar to amoeboids in their lo.pdf
kostikjaylonshaewe47
 
PDF
Which of the following are true More than one answer may be correct.pdf
kostikjaylonshaewe47
 
PDF
What was the Noble Prize winning advance that saved the magnetic rec.pdf
kostikjaylonshaewe47
 
PDF
What is difference between the Tariff and tax SolutionDifferen.pdf
kostikjaylonshaewe47
 
PDF
What are the most likely point in nutrient media preparation or later.pdf
kostikjaylonshaewe47
 
PDF
Toss a fair coin three times. Let X denote the number of heads in fi.pdf
kostikjaylonshaewe47
 
PDF
TIA-569 lists six different areas or spaces where cabling is run. Li.pdf
kostikjaylonshaewe47
 
PDF
This is a c++ binary search program I worked so far but still cant g.pdf
kostikjaylonshaewe47
 
PDF
There are two large plants in the authors’ yard a yucca tree and an.pdf
kostikjaylonshaewe47
 
PDF
The seaport town of New Monopoly has become extremely popular with sh.pdf
kostikjaylonshaewe47
 
PDF
The figure below shows a series of SNP loci (A-O) loci for two strai.pdf
kostikjaylonshaewe47
 
PDF
The climatic stability hypothesis for the change in biodiversity with.pdf
kostikjaylonshaewe47
 
PDF
Table 14.2 Primitive and Advanced Features of Nonvascular Plants as T.pdf
kostikjaylonshaewe47
 
PDF
Solar energy is channeled by molecular vibration from... to the ..pdf
kostikjaylonshaewe47
 
PDF
report “Rabbits and Wolves”Discuss the changes in parameters and how.pdf
kostikjaylonshaewe47
 
PDF
prove thisSolutionSuppose that A is a product of element.pdf
kostikjaylonshaewe47
 
PDF
Our task this week is to diagnose patients who come in with various .pdf
kostikjaylonshaewe47
 
PDF
number of lines should be included in the last page of the paper aft.pdf
kostikjaylonshaewe47
 
PDF
Modify the code below so that two separate listener classes are used .pdf
kostikjaylonshaewe47
 
PDF
Lie detector tests are notoriously flawed. Assume that a particular .pdf
kostikjaylonshaewe47
 
Which of the following organisms are similar to amoeboids in their lo.pdf
kostikjaylonshaewe47
 
Which of the following are true More than one answer may be correct.pdf
kostikjaylonshaewe47
 
What was the Noble Prize winning advance that saved the magnetic rec.pdf
kostikjaylonshaewe47
 
What is difference between the Tariff and tax SolutionDifferen.pdf
kostikjaylonshaewe47
 
What are the most likely point in nutrient media preparation or later.pdf
kostikjaylonshaewe47
 
Toss a fair coin three times. Let X denote the number of heads in fi.pdf
kostikjaylonshaewe47
 
TIA-569 lists six different areas or spaces where cabling is run. Li.pdf
kostikjaylonshaewe47
 
This is a c++ binary search program I worked so far but still cant g.pdf
kostikjaylonshaewe47
 
There are two large plants in the authors’ yard a yucca tree and an.pdf
kostikjaylonshaewe47
 
The seaport town of New Monopoly has become extremely popular with sh.pdf
kostikjaylonshaewe47
 
The figure below shows a series of SNP loci (A-O) loci for two strai.pdf
kostikjaylonshaewe47
 
The climatic stability hypothesis for the change in biodiversity with.pdf
kostikjaylonshaewe47
 
Table 14.2 Primitive and Advanced Features of Nonvascular Plants as T.pdf
kostikjaylonshaewe47
 
Solar energy is channeled by molecular vibration from... to the ..pdf
kostikjaylonshaewe47
 
report “Rabbits and Wolves”Discuss the changes in parameters and how.pdf
kostikjaylonshaewe47
 
prove thisSolutionSuppose that A is a product of element.pdf
kostikjaylonshaewe47
 
Our task this week is to diagnose patients who come in with various .pdf
kostikjaylonshaewe47
 
number of lines should be included in the last page of the paper aft.pdf
kostikjaylonshaewe47
 
Modify the code below so that two separate listener classes are used .pdf
kostikjaylonshaewe47
 
Lie detector tests are notoriously flawed. Assume that a particular .pdf
kostikjaylonshaewe47
 
Ad

Recently uploaded (20)

PDF
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
PDF
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
PDF
Basic Mud Logging Guide for educational purpose
wdandworks
 
PDF
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
sreejithcareers
 
PDF
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
PDF
Physiotherapy_for_Respiratory_and_Cardiac_Problems WEBBER.pdf
DrMONISHAphysio
 
PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
PDF
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
PDF
Insiders guide to clinical Medicine.pdf
AbhishekPatil315128
 
PDF
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
PDF
TR - Agricultural Crops Production NC III.pdf
avgilmegino3
 
PDF
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
PDF
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
PDF
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
PPTX
Introduction to Child Health Nursing – Unit I | Child Health Nursing I | B.Sc...
RAKESH SAJJAN
 
PDF
Origin of periodic table-Mendeleev’s Periodic-Modern Periodic table
Mithil Fal Desai
 
PDF
RMMM.pdf make it easy to upload and study
sajedul2
 
PPTX
BOWEL ELIMINATION FACTORS AFFECTING AND TYPES
PreetiSawant10
 
PDF
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
PPTX
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
Basic Mud Logging Guide for educational purpose
wdandworks
 
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
sreejithcareers
 
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
Physiotherapy_for_Respiratory_and_Cardiac_Problems WEBBER.pdf
DrMONISHAphysio
 
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
Insiders guide to clinical Medicine.pdf
AbhishekPatil315128
 
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
TR - Agricultural Crops Production NC III.pdf
avgilmegino3
 
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
Introduction to Child Health Nursing – Unit I | Child Health Nursing I | B.Sc...
RAKESH SAJJAN
 
Origin of periodic table-Mendeleev’s Periodic-Modern Periodic table
Mithil Fal Desai
 
RMMM.pdf make it easy to upload and study
sajedul2
 
BOWEL ELIMINATION FACTORS AFFECTING AND TYPES
PreetiSawant10
 
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 

CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf

  • 1. CASE STUDY: There is a new phenomenon in the cybersecurity domain called: “Bring Your Own Device (BYOD)” where employees can bring their personal devices at work and connect using the Wi-Fi to the organization’s network. Many employers are allowing their employees to use their personal mobile device for enterprise functions such as corporate email, work applications, etc. While this may save the company costs, the organization’s network remains vulnerable. A company can only monitor so much that’s on an employee personal device; Assess the threats, the vulnerabilities, and the impacts on an organization’s information systems posed by the use of mobile devices at work. What can be done to fix it at the policy level, technology level, and infrastructure level? Solution Employees aren't just bringing their mobile devices to the workplace — they're living on them. A 2015 study by Bank of America found that 55 percent of respondents sleep with their smartphones on their nightstands to avoid missing a call, text message or other update during the night. The devices are also the first thing on their minds in the morning: while 10 percent reported thinking of their significant other, 35 percent reserved their first thought of the day for their smartphone. As smartphones and tablets become constant companions, cyber attackers are using every avenue available to break into them. Many people expect that iPhone or Android devices are secure by default, when in reality it is up to the user to make security configuration changes. With the right (inexpensive) equipment, hackers can gain access to a nearby mobile device in less than 30 seconds and either mirror the device and see everything on it, or install malware that will enable them to siphon data from it at their leisure. The nature and types of cyber attacks are evolving rapidly, and mobile devices have become a critical part of enterprise cyber-security efforts with good reason. Analysts predict that by 2018, 25 percent of corporate data will completely bypass perimeter security and flow directly from mobile devices to the cloud. Chief information security officers (CISOs) and other security executives are finding that the proliferation of mobile devices and cloud services present a significant barrier to effective breach response. In order to secure the corporate data passing through or residing on mobile devices, it is imperative to fully understand the issues they present. 5 Security Risks and a Surprising Challenge The threat and attack vectors for mobile devices are largely composed of retargeted versions of attacks aimed at other endpoint devices. These risks can be categorized into five areas.
  • 2. 1. Physical access Mobile devices are small, easily portable and extremely lightweight. While their diminutive size makes them ideal travel companions, it also makes them easy to steal or leave behind in airports, airplanes or taxicabs. As with more traditional devices, physical access to a mobile device equals “game over.” The cleverest intrusion-detection system and best anti-virus software are useless against a malicious person with physical access. Circumventing a password or lock is a trivial task for a seasoned attacker, and even encrypted data can be accessed. This may include not only corporate data found in the device, but also passwords residing in places like the iPhone Keychain, which could grant access to corporate services such as email and virtual private network (VPN). To make matters worse, full removal of data is not possible using a device’s built-in factory reset or by re-flashing the operating system. Forensic data retrieval software — which is available to the general public — allows data to be recovered from phones and other mobile devices even after it has been manually deleted or undergone a reset. 2.Malicious Code Mobile malware threats are typically socially engineered and focus on tricking the user into accepting what the hacker is selling. The most prolific include spam, weaponized links on social networking sites and rogue applications. While mobile users are not yet subject to the same drive-by downloads that PC users face, mobile ads are increasingly being used as part of many attacks — a concept known as “malvertising." Android devices are the biggest targets, as they are widely used and easy to develop software for. Mobile malware Trojans designed to steal data can operate over either the mobile phone network or any connected Wi-Fi network. They are often sent via SMS (text message); once the user clicks on a link in the message, the Trojan is delivered by way of an application, where it is then free to spread to other devices. When these applications transmit their information over mobile phone networks, they present a large information gap that is difficult to overcome in a corporate environment. 3.Device Attacks Attacks targeted at the device itself are similar to the PC attacks of the past. Browser-based attacks, buffer overflow exploitations and other attacks are possible. The short message service (SMS) and multimedia message service (MMS) offered on mobile devices afford additional avenues to hackers. Device attacks are typically designed to either gain control of the device and access data, or to attempt a distributed denial of service (DDoS). 4.Communication Interception Wi-Fi-enabled smartphones are susceptible to the same attacks that affect other Wi-Fi-capable devices. The technology to hack into wireless networks is readily available, and much of it is accessible online, making Wi-Fi hacking and man-in-the-middle (MITM) attacks easy to perform. Cellular data transmission can also be intercepted and decrypted. Hackers can exploit
  • 3. weaknesses in these Wi-Fi and cellular data protocols to eavesdrop on data transmission, or to hijack users’ sessions for online services, including web-based email. For companies with workers who use free Wi-Fi hot spot services, the stakes are high. While losing a personal social networking login may be inconvenient, people logging on to enterprise systems may be giving hackers access to an entire corporate database. 5.Insider Threats Mobile devices can also facilitate threats from employees and other insiders. Malicious insiders can use a smartphone to misuse or misappropriate data by downloading large amounts of corporate information to the device’s secure digital (SD) flash memory card, or by using the device to transmit data via email services to external accounts, circumventing even robust monitoring technologies such as data loss prevention (DLP). The downloading of applications can also lead to unintentional threats. Most people download applications from app stores and use mobile applications that can access enterprise assets without any idea of who developed the application, how good it is, or whether there is a threat vector through the application right back to the corporate network. The misuse of personal cloud services through mobile applications is another issue; when used to convey enterprise data, these applications can lead to data leaks that the organization remains entirely unaware of. Mobile security threats will continue to advance as corporate data is accessed by a seemingly endless pool of devices, and hackers try to cash in on the trend. Making sure users fully understand the implications of faulty mobile security practices and getting them to adhere to best practices can be difficult. Many device users remain unaware of threats, and the devices themselves tend to lack basic tools that are readily available for other platforms, such as anti- virus, anti-spam, and endpoint firewalls. The Productivity Challenge: Blessing, or Curse? Increasing worker productivity is the leading factor driving bring your own device (BYOD) program deployment. It may therefore seem surprising that a 2015 CareerBuilder study of top ten productivity killers at work ranked cell phones as the number one thing causing people to waste time at the office. Mobile devices enable workers to accomplish tasks wherever and whenever they choose, but they can be distracting. Flitting between numerous screens and apps and continuously checking email and Twitter feeds is enough to disrupt even the most focused employee. “It is an epidemic," Lacy Roberson, Learning and Organization Development Director at eBay has said. At most companies, it's a struggle "to get work done on a daily basis, with all these things coming at you.” In order to avoid the inevitable—people checking in on their devices and checking out of conversations — organizations like eBay have implemented a no-device policy for certain meetings. Even the White House is facing an inappropriate phone use problem. In an
  • 4. article entitled “How To Get People Off Their Phones In Meetings Without Being A Jerk”, Forbes detailed the President’s phone-drop protocol: before meeting with him, cabinet members attach yellow sticky notes with their names to their cell phones and leave them in a basket before entering the room. While office distractions are nothing new, the lure of 24/7 social-networking streams and email alerts that accompany mobile devices is intensifying the problem. Meeting the Mobility Challenge Mobile device threats are increasing and can result in data loss, security breaches and regulatory compliance violations. You can take a number of steps to reduce the risks they pose and address related productivity issues and legal, privacy, and security requirements. These steps are similar to those involved with other security issues — such as robust program and policy creation, communication, risk assessment, technology implementation, and continuous monitoring and evaluation — but are tailored to the unique challenges associated with mobile devices. With well-supported mobility and security awareness programs in place, your organization can keep users happy and your network secure, so you can compete effectively in today’s mobile-first environment. In a recent audit by one of our client they advised to block mobile phones inside office campus since the client fears that employees will take snapshots of client data,So we decided to block the usage of cellphones inside campus what would be the best way to implement it,The problems which we might face were : we thought of implementing cellphone jammer but many of employees were handling clients through mobile phones, but in other side if we allow mobile phones inside campus for the employees whom attending client calls will raise discrimination b/w employees possible solutions we discussed were : other than above,what would be the best method to implement it?