Protecting Mobile Data Privacy in the Enterprise

The workplace today is dominated by mobile devices. Employee interaction via smartphone or tablet has become second nature. Employees will very likely use these devices to check work emails, download files containing customer information or access privileged network content remotely without a second thought. Unfortunately, accessing information in this way is inherently insecure. Whether it’s Internet snoopers at the airport, a stolen or lost device or a state-sponsored surveillance company, confidential information can all too easily fall into the wrong hands. For this reason, implementing secure business communication techniques that protect the privacy of mobile data – on the device, in transit and at rest – has become essential. The answer lies in a combination of security best practices and encryption-based technologies such as virtual private networks (VPNs).

Four Common Myths about VPNs

A Virtual Private Network (VPN) is a useful tool that encrypts data before it passes across the public Internet and then decrypts it when it reaches its destination. Rather like shutters on the windows of a house, it shields what goes on inside even though the outside can be seen by everyone in the street. The process, often referred to as tunneling, is particularly useful for businesses whose workers have to use the Internet in public places like coffee shops or airports. It is also helpful for those who want to keep confidential customer information or intellectual property safe from the prying eyes of hackers and spies. In 2017, the U.S. Trump administration overturned regulations preventing ISPs from making money from users’ browser data. At the same time in the UK, the Investigatory Powers Act served to increase government surveillance of Internet activity in response to a heightened threat of terrorism. Both led to a surge in interest in VPNs. A VPN is an established technology that has traditionally been seen as the province of technical specialists. Perhaps because of this, and in spite of VPN services becoming easier to deploy, a number of enduring myths persist.

Encryption is Central to EU GDPR’s Demand for Privacy

Starting May 2018, any business offering goods and services to EU citizens will have to comply with new GDPR rules. These rules explicitly require companies to take all measures necessary to protect the integrity of consumer data that they process or store. A key principle of GDPR is “privacy by default”, which requires the digital information in everything from emails and mobile apps to cloud storage systems and M2M communications to be kept private and secure at all times. Studies show that U.S. organizations are no less committed to compliance than those in the EU. One of the most powerful protection measures a company can take is to encrypt data at every stage – in use, in motion and in storage. A tried and tested way to transport sensitive personal data securely across public networks is via business-grade VPNs. VPNs provide an encrypted tunnel to communicate privately between email and mobile connections as well as internal databases and cloud storage facilities.

Mitigating Retail Vulnerabilities

The threat of cybercrime against retailers is ever present. According to the 2016 Global Threat Intelligence Report, retailers are the top targets and receive up to three times the number of attacks as second-placed financial institutions. Around 70% of retailers in Europe admit to being targeted, while 45% of the attacks are known to have been successful. In the past 12 months, the US retail sector has also seen repeated attacks on electronic point-of-sale (POS) systems as well as consistently high volumes of phishing emails aimed at tricking insiders into giving access to corporate networks. With online takings expected to account for 21% of overall sales in 2017, cybercriminals will continue to try to profit from any vulnerabilities they can find in retail systems. To counter this, retailers have a variety of mitigation techniques available to them, including VPNs. The best security remains multi-layered since no single technology can nullify all threats at all times.

Does more surveillance offer more protection?

The trend towards greater state surveillance has become even more obvious since Edward Snowden’s revelations. Governments frequently justify such invasions of their citizens’ privacy as counterterrorism or anti-pedophile measures. In recent weeks, two unmissable examples of state interference have been hurried through, including an amendment to Rule 41 of the Federal Rules of Criminal Procedure in America and the Investigatory Powers Bill by Theresa May. Both laws permit or legalize massive invasions of privacy. Nobody is questioning the presence of a criminal threat – whatever it may be motivated by. However, changes to legislation will weaken the security of many IT products, which is already under heavy fire, as demonstrated by current events such as the Google hack or the attack on Telekom routers in Germany.

Lack of encryption is putting customer data at risk

Security researchers investigating the Yahoo data breach believe that a failure to use proper encryption is one of the prime reasons behind the hack. If this is right, then many more organizations may be putting customer data at risk. A report by Gemalto and the Ponemon Institute found 92 percent of businesses encrypt just 75 percent or less of their sensitive and confidential data when it is sent via the cloud. The proportion of respondents that encrypt data stored in the cloud is even lower at 40 percent. Worryingly for customers, it is their data that is the most common form of information left unencrypted. This places customer data at considerable risk of being viewed or even harvested by hackers. A simple way of protecting cloud data on its journey from device to cloud storage is to encrypt the whole process using a VPN tunnel.