Mobile security incidents lead to damage in six figures, the market researchers of IDC at the presentation of the study in every fourth company “Mobile security in Germany 2017”. 65 percent of the companies surveyed reported attacks on mobile devices, an increase of eight percentage points compared to 2015. To better counter threats to mobile, 38 percent of the companies keep the prohibition of access to unauthorized Wi-Fi HotSpots for crucial, 34 percent want to revise their security policies, 28 percent think the introduction of a (enterprise mobility management) & security solution.
looking specifically at small and medium-sized enterprises (SMEs) in Germany, the situation worsened even more: according to IDC, 52 percent of IT managers think that a greater danger than by cyber criminals emanates from users. But there is great confidence in security of mobile devices in SMEs. Europe HID exercise according to a global survey 75 percent of SME employees to have no safety concerns when they use Smartphones or tablets. Considering the increasing number of mobile security incidents, fooled many SMEs from a false security.
mobility-concepts are important for SMEs, but the control is missing
despite the security risks rise to half of SMEs on mobile working models: 30 percent to invest in technology to optimize the support of their mobile workforce. Another 20 percent are planning investments with similar objectives as a showed Aruba study. Thus not enough: As study revealed the ovum “The European Mobility Management Gap”, only 50 percent of companies use solutions in Europe for MDM (mobile device management) and EMM (enterprise mobility management). The other half are not especially for privacy and cost reasons.
that is worrying, especially for SMEs: firstly the cost arguments for SMEs play an even greater role, the MDM / EMM-dissemination is there so much less. On the other hand, privacy almost requires a control of mobile devices, apps and data. A waiver of such solutions is a real problem. No question: There is a need for action in the mobile data protection, especially in SMEs.
requires already exist today privacy regulation more transparency and control for mobility
very difficult for SMEs to implement the mobile data protection. With the data protection Regulation (DSGVO / GDPR), to apply from may 2018 without delay is, the tasks in the mobile privacy are even bigger. Many SMEs in Germany must therefore immediately work on their concepts for mobile security and implement the necessary solutions, to timely comply with the DSGVO. These examples for stricter requirements for data protection and the problems that exist with mobile devices show what to do specifically is:
- localizability of data : the necessary security measures and the rights of the persons concerned for example to receive information about the data stored about them can be implemented only if the companies have an accurate view of their data holdings and access to the data. The data are stored on mobile devices or processed with mobile devices, this transparency is hard to achieve if one operates a comprehensive device and data management.
- the right to data portability : without the aforementioned transparency to the data, the rights of those affected on the transmission of your data to another company can be implemented barely makes sense.
- the right to forget are / deletion obligations : without the transparency to the data on mobile devices, also the deletion obligations of data protection can be not reliably implemented.
- reporting obligations for privacy violations : just mobile devices often are lost or stolen. The data on Smartphones and tablets of SMEs are not sufficiently protected and there is no overview of the data and equipment, can not respected the deadlines for reporting a violation of privacy. Today, data breaches are discovered far too late, the new 72-hour deadline to report exacerbated this situation.
- documentation of security measures and State of the art : the measures for the security of the processing must be ensured also in mobile devices and documented. While the measures must comply with the State of the art. This is a significant problem, because one is without appropriate management tools only very difficult regularly to review and document the security status. On the other hand, the question whether the appropriate management tools not as security must be counted after the State of the art arises, i.e. whether you without even today on a mobile management, to disregard the claims after the State of the art.
- power handling of IT : also the mobile IT must meet the demand after load as she prepares the DSGVO for security of processing (article 32). If the security status of mobile devices but not easily can be monitored, the question of how to ensure the resilience arises.
- privacy by design and by default : mobile apps, operating systems, and devices need to be privacy-friendly designed, as the preferences must be privacy-friendly. The corresponding privacy control of settings and functions can be performed at the multitude of devices and apps but hardly by hand. Here too the mobile management tools for many SMEs are missing.
SMEs need mobile management for data, the data protection regulation is an important example of the importance of apps, devices, and risks
improved mobile security concepts. The DSGVO shows that SMEs need more opportunities to provide visibility and control for mobile data, apps, devices, and also risks.
if appropriate MDM or EMM solutions are too costly, the option should be considered appropriate mobile management solutions from the cloud. Of course, that cloud data protection to note is the as in the management of mobile devices, apps and data user data related to the person can generally accrue.