BYOD firms without a policy face 'security nightmare', warns security exec
Companies that allow their employees to bring their own devices to work without instituting a BYOD policy could face a "security nightmare," warned Harry Sverdlove, chief technology officer at security firm Bit9.
Without a policy in place, IT departments not only risk losing control over business data, but also risk being the target of attacks using that lost data, such as corporate emails and contact lists, Sverdlove wrote in a blog on IT Pro Portal.
Sverdlove cited a study conducted by Bit9 which analyzed more than 400,000 Android apps in the Google (NASDAQ: GOOG) Play marketplace and found that 72 percent of those apps ask for permissions that give the apps access to private data or control over the phone's functions.
In addition, Bit9 found that 25 percent of those 400,000 apps were "suspicious" because they performed "questionable tasks and have access to private data." This is a major problem for enterprises that allow BYOD, he stressed.
Sverdlove recommended that companies encourage staff to consider carefully permission requests from apps they are preparing to download.
"Don't automatically check 'Yes' to every request and be cautious if, for example, a wallpaper app asks to use GPS data. Consumers needn't be paranoid that every app is a potential threat, but they should be aware of the possibility and act responsibly," he advised.