Bring Your Own Device or BYOD, once a 'latest hot trend,' is now 'business as usual' in many workplaces and a perceived driver of success.
A recent Ovum study cited in Security Magazine reports that companies are most successful when they tie BYOD policies to specific business goals like raising productivity or growing the workforce. The same study shows that 79% of employees in high growth markets believe BYOD helps them do their jobs better.
But BYOD benefits are not without security risks — which include the exposure of sensitive business information and private employee data by the loss, theft, misuse or compromise of personal devices.
Often the exposure is unintentional; for example, a friend or family member of an authorized user may catch a glimpse of confidential information on the device when it’s left face up on a table or desk. Or, a device may be hacked when its owner ‘jailbreaks’ it to upload an unapproved app; or, connects the device to an unsecure wi-fi network using hotspot.
Tips To Minimize BYOD Risk
Intentional or not, incidents like these provide more windows of opportunity to hackers seeking holes in a network’s security defense. Companies looking to create a safe, productive BYOD environment need to close or at least limit the number of these holes with a combination of employee IT policy, practices and cybersecurity technology including:
Access control. Assign corporate data access privileges from personal mobile devices based on employee's’ roles and needs; for example, a select group of employees get unlimited access, while others get access to non-sensitive data only, and still others are permitted access only with IT control over the device.
Education. Create awareness of the risks to company information and systems when working outside the protected network environment — such as in a cafe with unsecure wi-fi. Establish clear, consistent procedures for reporting the loss or theft of a device and educate employees on best practices for secure mobile device use including strong passwords, frequent backups and OS updates.
Back ups. Back up data often and prohibit employees from connecting to the corporate network with jailbroken smartphones that be compromised easily by malware. Identify the data in your system that’s most appealing to hackers, and establish firm security protocols for access privileges, storage and backup schedules.
Encryption. Encryption is one of the most reliable forms of data protection because it renders data useless (or, at a minimum, diminishes its value) to hackers when they do breach your network.
Cyber threat assessments. Perform cyber threat assessments to discover network security flaws, where your most valuable data lies, and likeliest threats from BYOD and other practices. (Our partner, Fortinet, offers online cyber threat assessments free to customers.) Once exploitable flaws are identified, conduct penetration tests to simulate attack scenarios, evaluate degree of severity, and identify remediation and mitigation steps for real-world situations.
If you have questions about any of these measures, please get in touch. An experienced network solutions provider and partner of cybersecurity technology leader, Fortinet, Resilient Intelligent Networks can recommend and deploy strategies and technology to create a secure, “business as usual” BYOD environment in your organization.