What is BYOD? It’s been around for a while, but the pandemic has given it renewed significance. With shelter-in-place orders, many employers could not provide new devices to each employee and allowed them to work from home on personal laptops, tablets and smartphones. This alternative is called Bring Your Own Device, or BYOD, and with remote working here to stay, the risks of using personal devices for business need to be looked at again.
While most of the world is focused on enabling remote work during these times, others are looking at taking advantage of the situation to commit cybercrimes.
– Rachel Bush, Director Cybersecurity at Nationwide (Finance & Insurance)
Remote work will continue to be the new normal with many companies realising the advantage of a work from home workforce. Companies need to have a BYOD Policy to mitigate the risks of personal devices connecting to corporate networks.
The 5 risks of BYOD companies need to beware of
BYOD security risks are more apparent when you consider how many different entry points are now available into company systems. Employees might be using unsecured networks, or their personal devices might already be infected while accessing company data and transferring critical files. How prepared are you to deal with these threats?
1. Malware infection
While your employees might bring their own devices to work, they are still entitled to use the same devices for personal use. The strong firewalls that company-owned devices have are not available on personal systems. Here is where the danger sashays in. People rarely read the terms of service of an app they download or even think twice about the excessive permissions they are agreeing to when they download content. So, what happens if your employee downloads a mobile game that has hidden malware or a virus? The malicious code could pass into your company network when they log in to work.
2. Smartphone “jailbreaking”
Whether your employee uses an iPhone or an Android device, its operating system can be compromised. “Jailbreaking” or “rooting” can be done by users themselves, not just by hackers, because it bypasses vendor configuration restrictions and allows for more customization. However, it also makes the device more vulnerable, since hackers can introduce applications that gain access to device sensors such as the microphone and camera, or access sensitive data without any restrictions.
3. Data theft
Your company’s BYOD policy (if you have one, most don’t) makes it easy for your employees to always stay in contact even when traveling. But here is where it can get tricky. Everyone loves to use free public Wi-Fi, and most travellers will log in using the free Wi-Fi at an airport or a coffee shop. Remember, though, that while it is a convenience to individuals, it also gives the same convenience to cybercriminals to access data. Does your BYOD policy tell your employees how to protect company data in public spaces?
BYOD has sometimes been called Bring-Your-Own-Danger.
4. Loss of Device
Loss of a BYOD device is not just a personal inconvenience to its owner. It could very quickly escalate to a disaster for the organization. Here are the “what if” scenarios that could happen.
- What if the device has stored company critical data?
- What if it hasn’t used secure passwords to log into company systems?
- What if the owner has not followed company security protocols?
Even if the employee has done everything correctly, hackers use sophisticated technology to crack even secure passwords or thumbprint identifiers.
As soon as a device is reported lost, consider it a risk. Your company must have MDM (Mobile Device Management) to allow admins to do a remote data wipe if an employee loses a device or leaves the company. Wipe, forget and get on with work as usual should be the guideline set out in the company’s BYOD policy.
Over 60% of company network breaches are due to a lost or stolen device, usually a mobile phone
5. Untrustworthy employees
No one wants to think that an employee can steal data but it has happened often enough. BYOD just makes it easier for an employee because they own and control their devices. Employees that have legitimate access to company sensitive data will always be a weak link.
6. Potential Legal Issues
If a security breach leads to leaks of customer or business partner data, your business could end up having to deal with litigation. Not to mention the legal penalties if it is ruled that your company hasn’t taken enough precautions to keep all its devices secure.
If your organisation has to comply with HIPAA or GDPR requirements, it is all the more necessary to have an effective BYOD policy in place.
Is it possible to have BYOD Security?
Yes, it is. Of course, it is much easier to exert control over company-owned devices, but BYOD security is possible with the right tools that can enforce security and detect compromise risks. However, it must all start with a well-crafted BYOD policy that improves employee experience while protecting company assets.
What are BYOD Policy Guidelines?
Your BYOD policy should cover the following:
- Make terms of compliance understandable by reducing jargon.
- Use simplified language to explain user action related to data security
- Clearly explain where end-users can get help if they have a problem
- Effective User-End-Point Management to store work data separately
- Audit your policy regularly to stay future proof
Mobile Device Management solutions are a good way to keep external smartphones, laptops and tablets secure. The IT department can define security settings for in-house corporate systems as well as “over-the-air” devices without compromising on security. An MDM can configure profiles to be compliant with policies for VPN, Wi-Fi as well as other parameters. MDM is also the best way to push updates, work material or relevant apps to employees. It can also un-enrol employees remotely when they leave the organisation.
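The checks an MDM applies to a BYOD fleet can be pictured as a small rule set. The sketch below is an added example, not code from any MDM product or from this article's author: the Device record, its field names and the action names are hypothetical and vendor-neutral, and the sample fleet is constructed.

```python
from dataclasses import dataclass

@dataclass
class Device:
    # Hypothetical posture record; real MDM products expose similar
    # facts under their own field names.
    owner: str
    rooted: bool          # jailbroken or rooted OS (risk 2)
    reported_lost: bool   # lost or stolen device (risk 4)
    owner_active: bool    # False once the employee has left
    vpn_profile: bool     # company VPN profile installed
    wifi_profile: bool    # company Wi-Fi profile installed
    work_container: bool  # work data stored separately from personal data

def decide(d: Device) -> tuple[str, list[str]]:
    """Return (action, reasons). Loss and departure take precedence over
    ordinary compliance failures, which are collected and reported together."""
    if d.reported_lost:
        return "remote_wipe", ["device reported lost"]
    if not d.owner_active:
        return "remote_wipe_and_unenrol", ["owner has left the organisation"]
    reasons = []
    if d.rooted:
        reasons.append("OS is jailbroken or rooted")
    if not d.vpn_profile:
        reasons.append("VPN profile missing")
    if not d.wifi_profile:
        reasons.append("Wi-Fi profile missing")
    if not d.work_container:
        reasons.append("work data not stored separately")
    return ("block", reasons) if reasons else ("allow", [])

# Constructed sample inventory, not real data.
FLEET = [
    Device("asha", False, False, True, True, True, True),
    Device("ben", True, False, True, False, True, True),
    Device("carol", True, True, True, True, True, True),
    Device("dev", False, False, False, True, True, True),
]

def review(fleet):
    """Map each owner to the decision for their device."""
    return {d.owner: decide(d) for d in fleet}

if __name__ == "__main__":
    for owner, (action, reasons) in review(FLEET).items():
        print(f"{owner:6} {action:24} {'; '.join(reasons)}")
```

A blocked device stays enrolled, so the owner can fix the listed problems and be re-evaluated, whereas a wipe is reserved for devices the company can no longer trust at all.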
Each business has differing security needs. If BYOD is an essential part of your program, then it is important to weigh up the right security measures. We, at iTech India, can help you find the right BYOD solution.