The widespread use of mobile devices has created a new attack surface for hackers and cybercriminals. As the mobile enterprise grows, the difficulty level of securing applications and networks that mobile devices use also increases.
This brings a unique challenge to the workplace. Healthcare organizations spend vast amounts of time and money on cyber security, ensuring they are doing the best they can to prevent networks from being breached and data from being compromised. Many of them don’t realize the threat created by allowing mobile devices onto the local network.
Mobile Device Use: BYOD
Popularity of mobile devices has escalated exponentially in the past five years. Healthcare users are a large part of this new mobile market. In the business world, going mobile has plenty of benefits. Adoption of mobile infrastructures in large organizations is becoming more popular. Despite the spike in global usage, mobile device security has not received adequate attention.
Mobile applications and infrastructures are especially vulnerable to attack and intrusion. Often, organizations allow employees to bring their own tablets, laptops, cell phones, and other mobile devices to work under a policy called “Bring Your Own Device” (BYOD), and connect them to the company network. This policy adds convenience, but with great risk.
The Impact of BYOD on Security
Security holes are opened in expensive networks, and are taken advantage of by hackers to gain access for profit. When these personal devices connect to the network, they are often unsecured and provide a gateway to the internal network where critical hardware exists and personal health information (PHI) is stored.
Vulnerabilities in mobile applications and networks can often be mitigated with solutions that are time and money conscious. Properly testing an application for security during development is the best method. It can remove holes in a framework that otherwise would go unnoticed.
Although, there is always a chance that security bugs are going to found post-implementation. This is why remediation management and end point protection are important. Every organization should have policy in place with regard to BYOD.
New Security Threats
New threats spawn everyday from hackers, organized crime cartels, business competitors, and hostile governments. The need for mobile security measures being put in place grows simultaneously. Attack methods used on desktops and laptops are now transformed for mobile devices and they propose a serious threat due to lack of mobile security. While adding convenience through smartphones, tablets, and other devices, the mobile enterprise is still an emerging technology that is vulnerable to hackers.
A solution we are starting to see to curb the security threats is an increased trend toward SYOD (Select Your Own Device) where the organization offers employees a variety of options while still being able to standardize configurations.
This is a reasonable compromise for most organizations. It costs more than allowing providers and staff the ability to BYOD, but it is minimal when compared to costs associated with breach of PHI. As the Community Health Systems 4.5 million record breach illustrates, attackers are out there, and they are motivated to get YOUR data.
Your BYOD Plan
Discuss your current BYOD plan and what your security might be missing with one of our consultants.