Analysts from Gartner have predicted that by 2017, the focus of endpoint breaches will be predominantly mobile devices such as smartphones and tablets. Their prediction makes sense: after all, the firm estimated that 2.2 billion smartphones and tablets were sold in 2014.
The growing number of mobile devices makes the threat of data breaches ever more likely. Many of these data breaches won’t be the result of hackers, say Gartner analysts. They believe that 75% of breaches will be due to the misconfiguration of mobile apps.
With these sobering statistics in mind, businesses can no longer say, “Data breaches can’t happen here.” Not only are data breaches possible, they are probable. Organizations must implement a plan to prevent data breaches, but they must also have a strategy in place for when a data breach takes place.
What to Do after a Data Breach Takes Place
Once you have determined that a data breach affecting mobile devices has taken place, there are several critical steps you must take to mitigate the damage.
The first step is to determine how the breach took place. Was it the result of a lost or stolen device? Did a hacker launch an attack on your company?
The second step is for the corporation’s security team to figure out the extent of the breach. They should be able to assess what information was on the device, how sensitive the data is, whether the data was encrypted, whether the device and information can be recovered, and whether further data will be exposed.
As with a network data breach, the third step is to fix the problem. When it comes to mobile devices, a two-pronged approach might be necessary. Implementing an enterprise mobility management system is part of the solution. This software protects confidential corporate information, determines which apps are safe, and allows users to access shared content without putting the company at risk. However, it is equally important to educate users about device and data loss prevention. A knowledgeable workforce is the first line of defense against threats.
Notification about Data Breaches
Many jurisdictions have enacted legislation requiring organizations to notify people affected by a data breach. Companies that have suffered a data breach might have a legal responsibility to carry out these notifications. And if the organization operates in more than one jurisdiction, it might be subject to different notification requirements.
How do you know what your legal obligation for notification is? Consult your legal counsel in each relevant jurisdiction. Your legal team will be familiar with the legislation regarding data breach notification (which continues to evolve on an annual basis in order to keep up with technology).
Even if you’ve fixed the problem that led to the data breach, you cannot sweep it under the rug and pretend it didn’t happen. There are harsh penalties for failing to comply with notification regulations. While your corporate reputation will suffer because of the breach, not following the law will worsen the situation.
The post Are You Prepared for a Mobile Device Data Breach? appeared first on Merit Solutions.