Bring Your Own Device: Dangers



Bring Your Own Device: Dangers[Author Name(s), First M. Last, Omit Titles and Degrees][Institutional Affiliation(s)]Bring Your Own Device: DangersThe universal use of technology gadgets is a common practice that doubles as a convenient way to access and store information. However, a conflict surfaces when personal technology gadgets are used as media to access data that is privileged, that is, that should not be shared. This occurs when we use our home computers, personal smartphones, tablets, or even personal access accounts to obtain information straight from our workplaces. Both, the personal information of the user as well as the data protected by an organization should also remain private. Hence, organizations everywhere must have a protocol in place to impede the use of personal technology to access information that is not open to the public. This analysis will show the dangers of the Bring Your Own Device (BYOD) trend. (Information Commissioner’s Office, ‘ICO’ 2017)BYOBBYOB is the tendency to bring personal devices from home to access information from work computers. Although this practice is convenient for employees, and some employers, the fact remains that the data administrators are ultimately the key people responsible for maintaining the safety and security of the information. (Reuters, 2017)According to the Data Protection Act (DPA) of 1998, all data administrators must have a system in place and a protocol that takes steps to safeguard data. It also requires consequences for unlawful data access, destruction of information, or the accidental loss of it. This entails that these data administrators have a task of protecting information from being accessed or shared, but it also means protecting that the safety of the information of the user. As such, controlling the devices that can gain access to data is then the priority in an effective technology action plan. (Davies, Schiller, Wheeler, 2011 p. 307)Key problems with accessing dataAt the center of the problem with BYOD is that the data that is usually protected by the information technology (IT) department, is now in the hands of whoever owns the device that is being used to access data. This data becomes stored in the user’s personal device, which is protected only by its owner. As a personal device, this gadget may or may not use methods by which information is protected such as:Encryption, or the hiding of characters when information is transferred from one device to anotherPassword protection, or the requirement of a specific code to access documentsBlocking users, or a system to prevent others from accessing informationGeneral safety issues, such as losing or misplacing the device containing sensitive data. (Davies, Schiller, Wheeler, 2011(D, p. 70)According to Davies, Schiller and Webster, these steps are part of an effective IT auditing team that is based on early involvement, conducts informal audits, engages in knowledge sharing, and continuously self-assesses how effective their protocols and regulations are in safeguarding information. Early involvement includes training people to prevent issues. Informal audits entail consistent monitoring and checking. Knowledge sharing is the sending of reminders, bulletins, and constant safety notes for people to keep abreast of changes. Self-assessment involves the IT department’s monitoring of the effectiveness of their own practices for safety and security of data. (Davies, Schiller, Wheeler, 2011, p. 9)Potential conflictsThe potential conflicts that arise from acquiring data on personal technology devices include the possibility of the gadget being stolen and information being leaked. Another conflict is that the information that was once safeguarded with proper protection software can be now accessed by anyone with nothing to masque or hide it. In specific job settings, such as the medical fields, this entails accessing patient information, which is protected by the Health Insurance Portability and Accountability (HIPPAA) Act. A leak of information of this nature exposes personal data, medical information and will hold the organization liable (Davies, Schiller, Wheeler, 2011 p. 40)Issues with technology used to access data Another issue, aside from the access and protection of information, is the nature of the items used to access data. The best practice is to conduct auditing of mobile devices and other items used for accessing company data. These include universal serial bus (USB) cables and drives, compact discs (CDs), microchip readers, cellphones, tablets, and laptops. Should any of those items be infected with a malware, spamming, or phishing virus, chances are the hardware will collaterally infect surrounding devices that are wirelessly connected together (Davies, Schiller, Wheeler, 2011 p. 304.)Issues with users: malware, phishing, and spammingMany of the issues concerning data accessing are created strictly by users. Some gadget owners may not be familiar with safe internet search practices, or may not care to follow proper internet practices even after being trained to do so. They conduct unsafe internet inquiries, or access untrustworthy websites that may infect their devices with malware. Malware is software that is designed to purposely deactivate, disable and/or damage computer systems. When a computer system is disabled, data could be exposed. Therefore, it is prone to stolen, replicated, spread illegally, or used for other sinister purposes. The power that technology holds over our society is of such magnitude that disabling any component of technology will, undoubtedly, pose inconvenient and serious safety and security repercussions. (ICO, 2017)Some websites contain “phishing” algorithms, or programs designed to sift out personal information from users, such as bank account and credit card information. For instance, an employee that uses his or her personal device may use the same password for everything, including the keeping of work data. A phishing algorithm can catch up on this practice and steal information from the user. Spamming, another problem that comes up when using the Web, is when a “bot” or program designed to enter people’s computers, starts to bombard computer systems with requests ranging from commercials, to lures for customers to spend money in specific products. Receiving a large number of emails, internet adds, requests for “chats,” or mentions of one same thing or product, is usually a sign of spamming. (Reuters, 2017)Possible solutionsSince all IT administrators must have a plan in place, the ideal scenario is for all employees to be held accountable for following it. They must sign agreements, commit to follow the company guidelines, and get consequences if the protocols are broken. Ongoing training should be provided to ensure that everyone is informed ahead of using technology to access data. Moreover, monitoring and data access points must be controlled. Only specific personnel with trusted credentials should be the ones trying to extract, add, or take away data in the first place.A second solution is to limit the type of gadgets allowed for usage. Controlling devices will help limit the chances to expose data to potential malware. It also limits the number of places that store important information. For example, IT may prohibit the use of personal USB flash drives and microchip readers because they are more likely to get lost or misplaced at home. Instead, IT may encourage the use of company flash drives that get stored in-house, which is safer and less risky. (Davies, Schiller, Wheeler, 2017 p. 306)A third solution is deciding what kind of data will be accessible to others, where will it be stored (secret vs open drive), and how it will be transferred (encryption, password-protected). For example, personal data should be off-limits at all times, so there is no way to provide access to any of that for others. Then, a special drive should be opened where accessible information will be available. This is a drive denominated by the IT department where copies of specific data are posted for others to use. It is a central place for everyone to go to. Then, a system to masque the characters of usernames, passwords, and transferring info should activate when people do request the data that is accessible and save it in their devices. (Davies, Schiller, Wheeler, 2011 p. 308.)Finally, IT must have a good action plan that follows what to do in the event that someone accidentally deletes data, saves it the wrong way, or alters it. It is up to the department to keep a copy of all files, and to have a specific way to explain users how the data will be used, and to what extend it can be manipulated or changed. ConclusionThe most important lesson to be learned is that data access is, ultimately, controlled and monitored by human beings. As such, mistakes in the handling, access, storage, and spread of data are very likely to happen. Issues such as malware, phishing, spamming, or even the wrong manipulation of data are entirely possible. These problems are preventable, but everyone who uses technology is equally prone to suffer from them. For this reason, it is the key responsibility of the IT department to have a strong system of rules and protocols in place in the event that data is used for erroneous reasons and in wrong ways. Consequences must happen to those who tamper with the safety of data. Moreover, there must be control of access as well as control in the way that data is accessed. Limiting devices is one of the key alternatives to avoid further problems. ReferencesDavies, M., Schiller, C. Wheeler, K. (2011). IT Auditing: Using Controls to Protect Information Assets New York: McGraw Hill. Retrieved from December 6, 2017Information Commissioner’s Office (ICO) Bring Your Own Device (BYOD) Data Act of 1998. Retrieved from the ICO website on December 6, 2017.Reuters, Thomson Bring Your Own Device (BYOD) Practical LawRetrieved from the Reuters’ website HYPERLINK "(sc.Default)&firstPage=true&bhcp=1" (sc.Default)&firstPage=true&bhcp=1on December 6, 2017Footnotes1[Add footnotes, if any, on their own page following references. For APA formatting requirements, it’s easy to just type your own footnote references and notes. To format a footnote reference, select the number and then, on the Home tab, in the Styles gallery, click Footnote Reference. The body of a footnote, such as this example, uses the Normal text style. (Note: If you delete this sample footnote, don’t forget to delete its in-text reference as well. That’s at the end of the sample Heading 2 paragraph on the first page of body content in this template.)]TablesTable 1[Table Title]Column HeadColumn HeadColumn HeadColumn HeadColumn HeadRow Head123123123123Row Head456456456456Row Head789789789789Row Head123123123123Row Head456456456456Row Head789789789789Note: [Place all tables for your paper in a tables section, following references (and, if applicable, footnotes). Start a new page for each table, include a table number and table title for each, as shown on this page. All explanatory text appears in a table note that follows the table, such as this one. Use the Table/Figure style, available on the Home tab, in the Styles gallery, to get the spacing between table and note. Tables in APA format can use single or 1.5 line spacing. Include a heading for every row and column, even if the content seems obvious. A default table style has been setup for this template that fits APA guidelines. To insert a table, on the Insert tab, click Table.]Figures title:Figure 1. [Include all figures in their own section, following references (and footnotes and tables, if applicable). Include a numbered caption for each figure. Use the Table/Figure style for easy spacing between figure and caption.]For more information about all elements of APA formatting, please consult the APA Style Manual, 6th Edition. ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download