IT’s efforts to protect information security can cause other problems. Mimecast CEO Peter Bauer lost a whole gallery of irreplaceable family photos and other personal information thanks to a BYOD policy he helped create. His daughter tried to open his smartphone by guessing the phone’s PIN, and after five attempts, the phone was automatically and irretrievably wiped, in accordance with the company’s policy.
The lesson: IT departments should make sure they balance security with as much protection for users’ privacy and personal data as possible. Whatever controls and policies are in place, it’s important users are informed and sign off on a form acknowledging they understand what the company might do with their personal device.
Massachusetts Eye and Ear Associates, Inc., paid $1.5 million for violating the Health Insurance Portability and Accountability Act (HIPAA) after a doctor’s personal laptop was stolen. The unencrypted machine was loaded with sensitive information about patients.
The lesson: Companies should require all devices used for work to use encryption, password protection, remote wipe, and other security features.