Do employees’ smartphones & tablets threaten company data? #Interview

It’s no secret that smartphone and tablet apps can access personal and private information on users’ devices but beyond the apps how big of a threat are the actual devices and what can be done about them?

With more users accessing work data through their personal smart devices the threat that they, including laptops, pose to users’ and their employers’ data, is largely underestimated.

Modern Myths

Having an antivirus app on smartphones is not enough if data is sent through an unsecured Wi-Fi network.  Android, as well as Apple, devices are susceptible to sniffing.

It’s not just hackers that are after your data; legitimate companies collect user data for their corporate use or for resale.

Users need to protect their devices from viruses and protect them from losing information during transfer.

Hotspot

We spoke to David Gorodyansky (@AnchorFreeDavid), the co-founder and CEO of AnchorFree, the company behind Hotspot Shield about these mobile myths.  Hotspot Shield, which is available for Android, iOS, Windows, and Mac, creates a virtual private network securing data travelling between users’ devices and the web.

Since launching on the Apple Store in November 2011 and the Google Play Market in May 2012 the application has been downloaded over 1 million times.  The PC and Mac versions have been downloaded over 70 million times.

Are consumers aware that smart devices pose risks to their privacy?

I think people in general are probably not as aware as they should be about the risks to their privacy; and the risks are pretty significant.  Last year there were 10 million identity theft victims in the United States alone.  Obviously if you are using an unencrypted Wi-Fi network it is extremely easy to sniff passwords, bank account details, your Facebook password, your identity, and all the sites you’re visiting.

So, the risks are huge and people are not really aware yet.  With that said AnchorFree’s Hotspot Shield […] has been downloaded over 70 million times for PC and Mac and over 1 million times on Android and iOS, so from that point of view people are not as aware as they should be but they are getting more aware.

When it comes to employees using their own devices for work, should employers or employees be taking the charge in looking after security?

I think it should be coming from both; I definitely think that companies should encourage their employees to secure their information and personal data online.

It’s really the web that companies and consumers should think about protecting.  Most viruses get onto your device from the web, so you have companies protecting your device but not protecting your web, and that’s a really big problem.

I just wrote on my blog on Inc today that most companies have antivirus software to protect their devices, even their Android devices, but they have no software to protect the web [online activities].  So while these old, heavy, antivirus systems have been effective in protecting [devices] nobody has been around protecting the identity of the user or protecting everything the user does online, [such as] all the domains they visit.

Historically, it’s always been the device that’s been protected.  So, Hotspot Shield doesn’t protect the device as such, we leave that to the antivirus companies, we protect everything the user does online; from their personal identity, the domains they visit, their passwords, their personal banking information.

What damage can hackers do to your device; we saw the case last month of the Wired reporter whose Apple account was hacked in quite an elaborate way.

I think that hackers can do a lot. Let’s say you’re on an unencrypted Wi-Fi network and you visit your bank account, they could sniff your passwords.  They could easily steal your financial information and your identity.

But let’s put hackers aside; as you browse the web third parties are collecting everything you’re doing and selling it.   So, you have the risk of hackers taking your identity and private data and you have the risk of third parties reselling your information.

Companies can lose a ton of data, anything an employee does [with their device] essentially.  If an employee is uploading files, or if employees are communicating internally, all that data can be easily compromised unless it’s encrypted.

And the thing is it is so easy to encrypt everything that you do, it’s almost foolish not to do it.  Everybody has a lock on their door at home but people need a lock on their door online too.

When people ask us, ‘Who do you protect your users against? we always say, the bad guys, the good guys, and ourselves.’  We build our technology so that we don’t know who our users are, so if someone gave us a subpoena we have no idea who our users are and we have no idea of identifying our users.

Mobile security is extremely important, there are already more mobile devices than computers and mobile threats are going to increase.  It’s not just an Android problem, while Apple devices are secure – again the device is secure -but your browsing and everything you do online is not secure.

Featured image via Bigstockphoto.com