Employees with digital devices can become the targets of hackers and thieves. Risk managers are feeling that heat.
More and more, people are walking sources of data, some trivial, some highly confidential. It’s in their iPhones or their laptops or the tablets they carry from home or from work.
In recent years, a Minnesota hospital and a nonprofit in the health field separately had laptops stolen that contained patient information, including Social Security numbers. A department store had credit card information stolen.
Protecting that data is a new cottage industry.
Christopher Jeffrey is a partner in the Minneapolis office of the accounting and advisory firm of Baker Tilly who works with corporate clients in reducing the potential for data breaches. Jeffrey and Washington, D.C.-based Baker Tilly senior manager Mike Cullen last week talked to the Star Tribune about the security challenges in this data-driven world.
Q: How would you describe the level of interest in mobile device security these days?
Jeffrey: It’s a conversation that I’m having with most of my clients right now. I currently have three to four projects involving the mobile device issue. This is an issue that is hitting the audit committee and senior management levels of my clients. Look at workers — everyone is carrying an iPhone or an iPad or a laptop. Many carry two or three of those devices and more and more security is something that companies have to deal with.
Cullen: There’s a recognition now by companies that data has a real value for consumers, for competitors.
Q: How long has this issue been percolating?
Jeffrey: It’s something that started coming up in the last couple of years but in the last eight to 12 months corporate boards and senior management have realized that there is a risk here that they need to be concerned with.
Q: How do you address those risks?
Jeffrey: It starts with good internal policies and procedures. People are bringing their own devices to the workplace and you need to know how that phone, for instance, interacts with your IT system. You need a procedure to manage each employee’s devices that allows the company to wipe data from a phone if it is lost or stolen or shut the port.
We have an app called Airwatch for an iPhone. Data is never actually in the phone. It’s like accessing a website. It allows me to view data instead of storing it. The IT department can shut the app off if need be.
Cullen: The number of devices per person has exploded. There’s literally a new iPhone every month, which leads to issues with security. Solutions like Airwatch allow us to manage different devices.
Q: Are there horror stories about data breaches?