At the end of March the Inspector General released a report on the effects of BYOD (bring your own device) on the U.S. military.
The findings were a little worrying as the Military lacked some of the basic guidelines that many business have in place.
The following points are from the reports findings:
- Mobile devices were not secured to protect stored information. For example pin codes or encrypted data partitions were not in use.
- The US Department of Defense did not have ability to wipe devices that were lost or stolen. These are standard features with most devices now.
- Sensitive data was allowed to be stored on commercial mobile devices, usually unencrypted.
- DOD did not train users and did not have them sign user agreements as most medium to large companies would as a matter or policy.
- The Army CIO was unaware of more than 14,000 mobile devices used throughout the Army.
The Army did implement a policy regarding geo-tagging a while back, realizing the risk that came with soldiers taking pictures that automatically had location information embedded in them.
Marc Fischer, a mobile app developer in Los Angeles commented “The US military really needs to adopt the same policies that corporates have been using for BYOD such as pin locks and encryption as standard, disabling geo-tagging, social media guidelines, data storage and appropriate content and conduct guidance”
Tiro Security is a leading provide of ethical hacking and can guide your company through the pitfalls of BYOD. Please contact us here for a free security consultation.