User-Owned Smartphones May Expose Confidential Information
In today’s world of cloud storage, content services, and document sharing across large geographical distances and time zones, employees who use their private smart phones to share and collaborate on company-proprietary documents could put confidential data at risk.
Using publicly available searches on the Internet, security experts at Adversis, “discovered hundreds of thousands of documents and terabytes of data exposed across hundreds of customers,” who use Box. The list of companies and the type of data exposed was staggering. Among the data found were passport photos and bank account numbers. 13 Experts contend this was not the result of a software bug, but a user-defined feature of the service that was not being used correctly.
When a user decides she will work on a document on her smart phone, she sends a link directly from her Box account to her smart phone. This is a web link that can live on in cyberspace as an unprotected link to that document without anyone even being aware of it. The fix for this type of breach is the retraining of employees to use strict document sharing policies. In other words, implement sharing policies that make it nearly impossible to use your own device with a service such as Box without a buy-in from those who manage the content management systems.
