A couple of days ago it was discovered that hackers managed to intercept some explicit images that were sent through Snapchat, a social media messaging app very popular with teenagers aged 13 to 17. Snapchat users send photos and videos between contacts for a temporary period of time before they are automatically deleted. The Hackers proceeded to post the intercepted images online.

What is interesting about this particular scandal is that Snapchat officials claim that their “security was never breached”. Apparently the hackers managed to intercept the photos through third party apps that can retrieve data as it is sent to Snapchat. Third party apps can look extremely official and even carry the same theme as the app that they are trying to associate themselves with. These apps can fool, not only teens, but also the smartest of business people.

Snapchat condemns the downloading of these apps in their Terms Of Use and is constantly seeking them out and shutting them down on the appstore, yet the hacking of the explicit images still took place. We can draw a parallel between Snapchat and corporate IT as the snapchat central servers that were not breached can be compared to corporate IT servers. No matter how strong and secure your corporate IT security, the behaviour and actions of your users and the apps that they install can still make private data available to third parties.

This is why it is imperative that companies recognise the dangers of BYOD and understand the value of implementing a strong BYOD security policy that aims to limit and prevent the downloads of unsafe applications. Policies that control which apps are installed either by locking down devices or even by setting clear guidelines for users will help to minimise the threat.

There are many articles that go into detail on BYOD policy, it is not our intention to do that here. There are obvious steps that should be high on the list of considerations for any BYOD policy, including:

• Categorize and segment your users.
• Have a centralised management capability (e.g. to wipe sensitive areas of the mobile device from a central location.)
• Use tools for access control and encryption.

Whilst all these tips and others are important, the lesson that can really be learned from this Snapchat incident is that it is essential to devise clear rules and guidelines on third party apps and communicate these to your users.