CNBC recently reported that TEMU, an online shopping app with trendy items for sale at tantalizingly low prices, silently installs spyware onto devices once downloaded. According to Grizzly, the firm that performed this analysis, it’s undetectable by conventional measures, so your traditional antivirus software likely won’t catch it. It runs in the background, mining any data you keep on your device.
Whether this is true or not, the idea that popular consumer-based apps could contain additional software like this raises security concerns — not just to individual users, but also to companies whose employees access company resources with personal devices. As the world becomes more digital and hybrid, personal devices in the workplaces are almost a given.
So, how can companies protect themselves?
The Massive Risk to Companies
We do a lot on our phones. We log into accounts, buy things, check our bank accounts, access patient portals… the list goes on. If spyware makes it on to your phone, all of that data is at risk of being mined, sold, and compromised.
Personal data theft isn’t the only risk, though. As personal devices become more prevalent in the workplace, spyware could infiltrate company information as well. Even if employees are only using their device to log into their company email, the spyware could catch their company email address, password, company contacts, and potentially sensitive email contents. That’s a lot of data.
And this isn’t the only allegation out there. Tik Tok, for example, has often been in the spotlight for suspicions of data theft. In fact, several countries have banned Tik Tok from official devices in government institutions.
The fact is that personal device use is expanding, and malware is exploiting this trend with increasingly sophisticated and predatory tactics.
How Can You Protect Company Data?
It can be tempting to put a ban on anything and everything suspicious. And for company-managed devices, this may be feasible. However, companies are limited in their ability to restrict what goes on personal devices. This can create a massive security gap.
So, how can companies protect themselves?
At JumpCloud, we’re fans of the “opt-in” approach to BYOD devices in the workplace. That is, if employees decide they want to use their personal devices for work, they must opt into the company’s BYOD program and abide by its policies. In this model, employees are also welcome to opt out. By doing so, they agree not to access any company resources or data with their personal device, which remains unrestricted.
Learn how to create a secure BYOD policy in our blog, BYOD Best Practices.