Bring your own device to work. BYOD. More and more organizations are adopting this cost-saving, convenient practice, which permits workers to use their personal electronic devices for business work rather than enterprise-issued equipment. Though this can improve efficiency and lower operational costs, it can also increase risk, because a company doesn’t hold carte blanche authority over the security and usage of personal devices.
Let’s take a closer look at the threats that piggyback on BYOD and what organizations can do to bolster security to mitigate those threats.
The Threats of Bringing Your Own Device
- Mobility Mishaps
Personal devices fit into backpacks, purses, jackets, and pants pockets. Convenient. But this portability also increases the possibility of misplacement, loss, and theft, as employees carry them to places they would not typically take a work appliance: places where they may be more distracted and less careful about their device’s handling and whereabouts.
- Infected Apps
Mobile devices make up a steadily growing segment of the BYOD population, and malicious third-party apps are just waiting to be downloaded onto these less secure devices to wreak havoc. Cyber criminals are expected to target mobile devices via infected apps in the coming year as more people adopt the devices as their primary tool.
- Big Phishing
Though phishing isn’t inherent to BYOD, it becomes a greater threat when enterprises focus their phishing filtering only on the devices within their direct network. Cyber criminals are using greater sophistication in their phishing techniques and can easily hook an unwitting employee through a personal account on the BYOD device. This, of course, jeopardizes the organization and any of its data residing on that device.
- Weak WiFi
The ability to connect anytime from anywhere benefits productivity. But many coffee shops, airports, hotels, and similar venues use unsecured WiFi networks, which are an open door for hackers.
- Exiting Employees
When employees part from the company quickly, it can be difficult to wipe organizational data from their devices, leaving the company vulnerable.
BYOD Best Practices
- Encrypt Data
Organizations should mandate encryption for all business data stored on BYOD devices. Even if the device is stolen or lost, full disk encryption prevents an unauthorized user from accessing the data.
- Augment Authentication
Multiple authentication factors also help protect the device in the event it falls into the wrong hands. Mobile devices already have lax, if any, access security, and a savvy threat actor can easily breach a single-password sign-on. Adding at least a second authentication factor boosts protection.
- Secure Malicious App Defenses
For mobile devices, enterprises may want to consider mobile device management (MDM) software to determine the validity and safety of apps and block their download if they are infected. For other BYOD devices such as laptops, endpoint security and network solutions are also available that can offer early detection of malware through network activity.
- Educate Employees
Cyber criminals often rely on the weakest link for infiltration: the end user. Automated endpoint solutions cannot stop all attacks. Companies should make staff cyber education a top priority. Employees should be made aware of what to look for and what to do when they believe they’ve encountered a compromising communication. They should also be informed of the importance of keeping up with their devices’ security updates. Nefarious actors look for unpatched and outdated software, where vulnerabilities lie.
- Establish a Formal Policy
Informal suggestions for device security may not hold much weight with many personnel. To better ensure BYOD best practices are followed, enterprises should implement a formal, documented BYOD policy that spells out the repercussions for failing to comply, such as forfeiture of BYOD privileges.
- Data Restrictions
For optimal security, highly sensitive data should be restricted to internal company-issued devices. If this is not possible, then again, all data should be heavily encrypted. Additionally, data access of any sort should be granted on a need-to-access basis. For example, maybe the sales department shouldn’t have access to product development data, nor should human resources have access to accounting department data.
- Separate Network Landscapes
Employees can access enterprise networks separately on their BYOD devices through a mobile operating system or a Virtualized Mobile Infrastructure (VMI). This keeps personal data and business data isolated on two entirely independent networks within the same device.
The cyber sphere and those things connected to it are arguably an enterprise’s biggest threats today. To reinforce your organization’s resiliency and continuity, cyber crime and the avenues through which it can infiltrate your perimeters should not be neglected.
Written by Angie Longacre
As a writer for Assurance Software, Angie devotes her craft to promoting business continuity and disaster recovery awareness, and trumpeting Assurance Software’s invaluable benefits for both. When she’s not commanding the keyboard, you can find her outside for a run, searching for her next antique treasure, or lost in a good book.