$600 billion – that’s the global cost of cybercrime, and rising, according to a recent study by software security provider McAfee.
This year has already seen the theft of 150-million usernames, passwords and email addresses from Under Armour’s MyFitnessPal app, and an attack that claimed the personal information of Reddit users, just to name two high-profile cases. Canadian companies are far from immune. In May of this year, the data of nearly 90,000 BMO and CIBC customers was compromised.
A study conducted by IDC Canada, which provides intelligence and advisory services to the IT market, suggests that nearly nine in 10 Canadian companies were breached by a cyber attack last year. The study found that the average company spends $3.7 million in direct and indirect costs to recover from security breaches.
The techniques and targets of hacks and attacks vary, but a growing vulnerability is a workforce’s mobile technology. Each device or mobile account that’s connected to a company’s network serves as a potential entry point for attackers.
“Security is the top challenge organizations face in mobility adoption,” explained Steve Yang, a senior mobility analyst for IDC.
While the modern workplace functions more efficiently thanks to the proliferation of mobile technology, it’s up to employers to ensure that their staff are exercising safe cyber practices. Two-thirds of Canadian executives cite costly and damaging cyber attacks as their top business risk, according to survey by professional services firm EY.
“Organizations should focus on deploying an integrated mobility strategy, to be in a better position to prevent mobile-related data leaks and exposures,” says Mr. Yang.
An effective mobile security strategy starts with basic best practices. That includes regularly changing passwords on corporate accounts and devices, avoiding unsecured access points (like using public Wi-Fi with devices employees bring into the workplace), and staying on top of security software updates.
Terry Halvorsen, the Chief Information Officer and Executive Vice President of Samsung North America’s IT and Mobile Business-to-Business Group, says that while some attacks are highly sophisticated, most take advantage of weaknesses that are widely known and easily fixable.
For instance, companies sometimes fail to update applications with the latest security patches. It’s also common to see the same passwords for multiple accounts, shared passwords, and passwords that contain personal identifying information. Mr. Halvorsen says such shortcomings are the cyber equivalent of leaving your home’s front door unlocked. Sooner or later, someone is going to get inside.
“The first thing I tell CEOs is to make sure they have a good education system," says Mr. Halvorsen, “I recommend tactics like sending tests to employees with questions about cyber basics. If they get it right, send them a reward; if they get it wrong, suspend their access until they go through the next level of training.”
Many data breaches occur when a personal account or device is compromised, and then connected to a corporate network. A recent study of 500 UK-based small businesses, conducted by Paymentsense, found that 61 per cent experienced a security incident after allowing employees to bring their personal devices to work.
“You want networks where people can join fairly easily, but you need to have a level of security that is consistent with the sensitivity of the data,” says Mr. Halvorsen. “That means you want to take advantage of the security features on the devices themselves.”
As what Samsung calls the Next Mobile Economy grows, the company has been at the forefront of measures like biometric security, including iris and fingerprint scans. The Samsung Knox platform is built into all of its smartphones (as well as tablets), and consists of overlapping defense and security mechanisms that help protect against intrusion, malware and more malicious threats. All data is encrypted by default, with the encryption key stored in a secure area in the device’s chipset.
“Most people think of the Internet as a benign safe place,” says Mr. Halvorsen. “It’s not when you are moving data around on your mobile phone.”
He says that Samsung is also currently the only mobile device manufacturer that offers what’s called secure containers, which keep personal and private data separated on mobile devices.
“On my phone right now I have a personal space where I can put all of my apps, then I have a first level business space. Because I'm a CIO and EVP, I even have a third tier space for the most sensitive corporate data,” he says. “With a Samsung device I can have those three containers and there's no way data can go between them.”
Should one of the “containers” on Mr. Halvorsen’s phone become compromised, the breach won’t spread to the others, keeping his most sensitive data more secure.
With the high value of data, and the frequency of data breaches, the right corporate policies can help ensure that smartphones aren’t the weak link in defenses against cyber attacks.
Advertising feature produced by Globe Content Studio. The Globe’s editorial department was not involved.