TV511’s policy allows most employees to use their own laptops for working purposes without installing or applying any security managements on them. The business and personal data coexist on same device then it is very difficult to find a balance between a strict security control of enterprise and privacy of personal data, specifically when the device is no longer a corporate issued asset.
Operating System Staff members of sale department and customer services are in favor of using Apple MacBook due to their elegant style and remarkable battery life. Nevertheless, these common users hardly know which vulnerabilities can be exploited while they are using Apple’s OS X. For example, ESB-2016.0746 - [OSX] OS X: Multiple vulnerabilities showed that
…show more content…
Worse, they cannot see if the user 's machine already contains malware such as keystroke loggers, frame grabbers or Trojans. They also cannot see or manage stored information such as the end users ' cache, cookies, password store and browser history. Data can remain in the web browser cache in clear text format, where it can be easily extracted by either malware or end users. Even simple, everyday tasks, such as cut, copy, paste and screen capture, put sensitive data in the system-wide clipboard, also rendered in clear text format and easily accessible even after the web session has ended. In addition, stored user names and passwords from browser sessions remain available in the authentication cache and are therefore vulnerable to …show more content…
In addition, the business data will be stored on these devices, being or not protected only by the individual security awareness of each employee. Therefore, it is likely that the confidentiality of corporate data will be compromised if an employee’s device is lost or stolen. Take Godiva, a chocolate manufacturer, as an example. On November 25, 2014, they notified employees of the company of a data breach when a Human Resources employee, who was traveling to retail sites, had a briefcase stolen from a car. The briefcase contained a laptop that had employee information on it. The lap top was not encrypted, and the information included names, addresses, Social Security numbers and driver license numbers of Godiva’s