Page 98 - Cyber Defense eMagazine for September 2020
P. 98
organizational policies and laws governing the care and confidentiality of evidence and personal health
data are sometimes not enough to prevent leaks of content captured on or shared with mobile devices.
Similarly, insurance companies frequently require content captured by employees and consumers to
validate a claim, and if the situation results in litigation, the photos may be presented as evidence in the
trial.
Unfortunately, whether due to human nature and an individual’s drive to share interesting content,
malicious device hacks, or through inadvertent leaks, the unauthorized sharing of sensitive mobile
content is a major gap in many organizations’ security, compliance and risk frameworks.
The reality is that in just about every sector, employees often take photos or videos for their job using the
default camera app on their personal or company issued phones. As a result, potentially sensitive photos,
documents and videos captured by an organization’s employee could easily get that organization caught
up in privacy breaches and legal actions.
Employees with law firms, healthcare providers, insurance companies, other regulated industries, and
intellectual property/design-led environments (such as automotive development departments for
example) routinely take photos or record videos as part of their job. The best and most effective,
proactive approach to protect content captured on or shared through employee mobile devices is for the
organization to adopt a solution to protect and manage this content.
All of these factors elevate the priority that these photos and videos be managed and controlled. It is
imperative that organizations who collect and handle sensitive media - such as law enforcement,
healthcare organizations, and law firms - have systems in place to protect the content. The risks and
consequences of ignoring this problem are immense. The company may be subjected to regulatory fines,
the evidence may not be admissible in court, and victims can certainly cite the harms caused by the
public release of such content, as was the case with Mr. Bryant's crash.
IT and security teams need to mandate that employees use apps that enable the organization to protect,
manage, and control business content collected on mobile. The new mobile mantra should be: capture
media content securely.
One approach that security-aware organizations are taking to protect against leaks is selecting and
deploying an enterprise mobility management (EMM) platform such as MobileIron UEM or Microsoft
InTune. With or without an EMM, an important step to securing and safeguarding mobile multi-media
content is mandating that employees use a managed camera app for all relevant document scans, pdfs,
images, audio and video recording, etc.
Such market-proven managed mobile capture solutions let the organization invoke a wide range of
policies and controls to protect sensitive corporate data. The best managed mobile capture solutions
further extend these protections with compliance features that notify compliance departments, IT
administrators or other designated recipients in the event that an employee attempts to share captured
content to an unauthorized app or cloud provider, take a screenshot of a protected photo, or other actions
that violate the established container and data leak prevention (DLP) policy.
Cyber Defense eMagazine – September 2020 Edition 98
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.
