Photos, Videos, and Other Multi-Media Content Captured by Employees Are Easily Shared and Rarely Governed
By Josh Bohls, CEO, Inkscreen
Recent headlines are once again demonstrating the consequences of employees inappropriately leaking photos from mobile devices, and are shedding new light on a problem that security and compliance experts have warned about for years. Multimedia content captured on employee devices is left unmanaged and is all too easily and inappropriately shared.
In one high-profile case, a first responder leaked extremely sensitive photos of the Kobe Bryant helicopter crash site. Clearly it is within the scope of a first responder to document the scene – this is done in any situation from a simple fender bender to a home burglary or a tragic and gruesome event such as a helicopter crash. The photos and videos are critical to document the scene and will be used in many different ways.
In another (and more positive) example, the capture of images on mobile devices has emerged as a helpful component of patient care delivery in some segments of healthcare, particularly during the COVID-19 pandemic. All patient content is of course subject to HIPAA regulations, CCPA and GDPR protections, and other liability-laden considerations. Yet even regulatory requirements, stringent organizational policies, and laws governing the care and confidentiality of evidence and personal health data are sometimes not enough to prevent leaks of content captured on or shared with mobile devices. Similarly, insurance companies frequently require content captured by employees and consumers to validate a claim, and if the situation results in litigation, the photos may be presented as evidence in the trial.
Unfortunately, whether through human nature and an individual’s drive to share interesting content, malicious device hacks, or inadvertent leaks, the unauthorized sharing of sensitive mobile content is a major gap in many organizations’ security, compliance, and risk frameworks.
The reality is that in just about every sector, employees often take photos or videos for their job using the default camera app on their personal or company-issued phones. As a result, potentially sensitive photos, documents, and videos captured by an organization’s employee could easily get that organization caught up in privacy breaches and legal actions.
Employees of law firms, healthcare providers, insurance companies, other regulated industries, and intellectual property/design-led environments (such as automotive development departments) routinely take photos or record videos as part of their job. The most effective, proactive approach to protecting content captured on or shared through employee mobile devices is for the organization to adopt a solution to protect and manage this content.
All of these factors raise the priority of managing and controlling these photos and videos. It is imperative that organizations that collect and handle sensitive media – such as law enforcement, healthcare organizations, and law firms – have systems in place to protect the content. The risks and consequences of ignoring this problem are immense. The company may be subjected to regulatory fines, the evidence may not be admissible in court, and victims can certainly cite the harms caused by the public release of such content, as was the case with Mr. Bryant’s crash.
IT and security teams need to mandate that employees use apps that enable the organization to protect, manage, and control business content collected on mobile. The new mobile mantra should be: capture media content securely.
One approach that security-aware organizations are taking to protect against leaks is selecting and deploying an enterprise mobility management (EMM) platform such as MobileIron UEM or Microsoft Intune. With or without an EMM, an important step to securing and safeguarding mobile multi-media content is mandating that employees use a managed camera app for all relevant document scans, PDFs, images, audio and video recording, etc.
Such market-proven managed mobile capture solutions let the organization invoke a wide range of policies and controls to protect sensitive corporate data. The best managed mobile capture solutions further extend these protections with compliance features that notify compliance departments, IT administrators or other designated recipients in the event that an employee attempts to share captured content to an unauthorized app or cloud provider, take a screenshot of a protected photo, or perform other actions that violate the established container and data leak prevention (DLP) policy.
Such leak prevention and insider threat logging and alert systems protect all involved – including the subject, the employee and the organization.
The use of employee devices to capture content is now de facto across the workplace. Secure content capture via a mobile capture solution lets organizations sharply reduce the risks inherent in the practice, protects the organization’s compliance, and safeguards the privacy and welfare of all involved.
About the Author
Josh Bohls can be reached online at firstname.lastname@example.org and @inkscreen, and at our company website https://www.inkscreen.com/