Greatest Threat to Enterprise Mobility: Employee’s Children

When you were in high school or college, your list of life goals probably did not include “navigate the Sandwich Generation phenomenon successfully.” If it did, you are a genius and we need to talk. For the rest of us, we had zero preparation for the moment of epiphany when we realized we were a card carrying member of the Sandwich Generation.

For me, the moment was when I sat with my mom and showed her how to use the iPad 2 for the first time. She was hesitant to interact with the iOS interface and every action she made was with extreme caution. Conversely, the first time my son was introduced to an iPad, at roughly 18 months old, he showed no inhibitions and started switching screens and moving icons with zero instruction.

As children get older and more adept at navigating mobile operating systems and various apps, they can also get themselves into some trouble. If you have a child, you have most likely experienced an “unauthorized” App or In-App purchase (thank you Freemium Apps). "Unauthorized" in this sense means that you, as a parent, did not give your child permission to make the App or In-App purchase. One example involves a seven year old that ran up a $400 In-App Purchase bill.

With Bring Your Own Device (BYOD) policies now becoming the norm within organizations, unauthorized App and In-App Purchases occurring on your employee’s smartphones and tablets is just the beginning of potentially unwanted activity involving an enterprise connected device. An unintended consequence of BYOD policies is that organizations are unwittingly allowing employee’s children to access the data contained on BYOD devices.

While children may not have malicious intent, they can expose your company to additional threat vectors that your employees may not typically expose enterprise and customer data to. For example, you provide information security awareness training so your employees understand that not all Apps found in an App Store or App market place can be trusted. But what about the employee’s children that can (and do!) download everything and anything because it just may be the next Angry Birds? We have seen Apps that are designed to obtain access to and remove data from a smartphone.

From a technical perspective, one solution to other individuals beside an employee having access to a BYOD sanctioned smartphone would be for an organization to deploy a Mobile Device Management (MDM) solution that includes the capability to sandbox (or isolate and protect) corporate data from personal data. Several products exist on the market today that includes such a capability. Other products are also available that provide sandbox environments that do not fit into the general MDM category, one example being RoverApps. RoverApps allows employees to leverage BYOD devices, while providing a secure means for the enterprise to deploy and manage Apps while ensuring the sensitive information related to the specific App and related back-end enterprise system is secured.

And what about teaching your children appropriate use of today’s technology, such as iPhones, Android devices, iPads, tablets, and gaming systems? In 2007 I started the 501c3 non-profit Savvy Cyber Kids to create educational materials for parents and teachers to utilize to teach their young children (ages 3 & up) safety and appropriate use before kids use the technology of today. So snuggle-up with you children and read The Savvy Cyber Kids at Home: The Family Gets a Computer and The Savvy Cyber Kids at Home: The Defeat of the Cyber Bully. Give your kids the head-start in today’s world you know they deserve. And don’t forget to get a copy for your child’s preschool or Prep-K classroom.

So, while you may not need to be as worried about your employee’s parents having free reign over an enterprise-connected smartphone or tablet, you do need to consider the impact of their children’s access to organizational and customer related data on a BYOD device.

Twitter - @benhalpert @savvycyberkids

Facebook - Savvy Cyber Kids

Youtube.com - SecExecCybrHero4Kids

Savvy Cyber Kids Homepage - SavvyCyberKids.org