Part 5 of 8: Using Personal Devices for Professional Purposes
Covid-19 has transformed daily life for most of us over the past two years. Perhaps the change I have noticed most acutely is the emergence of Shadow Operational Technology (OT) creeping into our lives in countless ways. Think of all the technology required to adapt to an efficient yet Covid-conscious model for work. Employees forced to work from home may now have to rely on personal devices like laptops, phones and tablets not owned, controlled or monitored by the organizations using them – perfect examples of Shadow OT – to maintain business as usual. Or consider the vendors and restaurants that use mobile devices to facilitate hands-free payment and screening.
While the use of personal devices for professional purposes has been beneficial throughout the pandemic – especially for struggling businesses unable to afford company devices for employees – when it comes to Shadow OT, cautionary tales remain plentiful. Therefore, let’s think about how the use of personal devices for professional purposes can impact data security.
Trial by Fire
Not too long ago, I went to a restaurant I’ve been to countless times before for some good old comfort food, fish & chips. And as has become the norm, a worker asked to scan my vaccine passport upon arriving (in Canada, this is usually a QR code generated by a provincial government website). So far, no big deal – that is, until I sat down. To my surprise, I saw the worker using Instagram on the same device that was just used to scan my vaccine passport QR code. Hmmm. This must be a personal cell phone – a clear example of Shadow OT in use.
In terms of data security, what does this all mean? Let’s dive a bit deeper. It turns out that the worker’s personal device used to scan my QR code was connected to the open public Wi-Fi offered by the venue. As with any public Wi-Fi network, it would be very easy for anyone with a laptop and a bit of know-how to capture network traffic with a tool such as Wireshark for live or future analysis. So hopefully, the link to the provincial health cloud is secured and the worker’s personal device is free of viruses and other malware. The problem is, we don’t know.
This example can be extended and compared ad nauseam. Think of a remote worker using a personal laptop to review confidential data on the public Wi-Fi of a coffee shop. Or a fieldworker asking passersby to complete a data-collecting survey on the fieldworker’s personal tablet. If that phone, that laptop or that tablet is not monitored by the employer, there is simply no way to ensure that data security is being upheld – or even considered – as it should.
Time to Problem Solve
Common sense can easily solve this conundrum. As more employees start relying on mobile devices, businesses need to put stronger security in place so that no data is lost. And ultimately, business owners should forbid the use of personal devices – especially when personal or confidential information is at stake. Finally, if businesses have the means, then they should ensure that employees have dedicated devices with a private communication path to the end applications consuming the personal/confidential information. Doing so would remove the opportunity for unwanted network intrusion by external – and therefore unauthorized – parties.
Expeto’s NeXtworking™ solution for Private Mobile Networks (PMNs) can easily solve this issue by enabling workers to securely access the company PMN no matter where in the world they might be. Protected by the company firewall, the device will adhere to the company’s security policies all across the globe. And with control over the data path of each and every company device, businesses can establish an unprecedented new standard for data security. The result? More peace of mind for both consumers and businesses – which will go a long way toward getting through this phase of Covid-19 together.
To read more in Brian Baird’s Shadow OT series, click below!