Despite concerns about Bring Your Own Device (BYOD) security risks, employees over the past years have enjoyed the multiple benefits of BYOD. Employers are unlikely to ever stop staff from bringing their own devices to work or using them remotely for work purposes. The challenge remains to identify security risks associated with BYOD and find the most appropriate solutions to mitigate these risks.
Every organization has its own approach to BYOD and will need to implement custom protection in line with it. How is BYOD practiced in your workplace? What devices are being used and by whom?
Mulling over these considerations is the first step in formulating rules that can help balance the risks of BYOD against the benefits for both your business and your employees. The benefits are substantial. These include more satisfied employees, lower hardware costs and increased mobility and productivity for remote workers. In the beginning, BYOD was smart, practical, cost-effective, trendy and very employee friendly. As cyber-attacks have increased and made headline news, an uncertainty towards BYOD has set in that continues today. Organizations realized they had to start weighing security costs against the value BYOD brought to the company’s financial bottom line.
What are the risks?
Besides the technical challenges, security and privacy are the primary BYOD risks. Technical challenges include connecting to wifi, accessing network resources like shared files or printers and addressing device compatibility issues.
Security and privacy are risks faced by both organizations and employees, in different ways.
Organizations tend to be more concerned about the security of corporate data (and how user behavior threatens it). Employees are more concerned about the privacy and confidentiality of their personal data (and what rights their employers have to access it).
- Local exposure – Loss of control and visibility of the enterprise data which is being transmitted, stored and processed on a personal device. One of the inherent downsides to BYOD.
- Data Leakage – Potential data leakage or disclosure of company data from an unsecured device
- Data loss – Physical loss or theft of a device (and thereby loss or compromise of sensitive data)
- Public exposure – Susceptibility to man-in-the-middle attacks and eavesdropping at public wifi hotspots often used by remote workers. Connecting to personal area networks, e.g. using Bluetooth, poses similar security risks.
- Insecure usage – Unacceptable use of a BYOD by a third party, e.g. friends or family at home
- Cross contamination – Just one of the many risks of having personal and corporate information housed on the same device. Corporate data may be accidentally deleted.
- Insider attacks – Vulnerability to insider attacks, which are difficult to prevent since they occur in the local area network (LAN) of an organization using a valid user profile.
- Malicious apps – Devices with compromised integrity.
Because BYODs access company servers and networks, companies can legally access them. Initially, employee concerns around privacy were Big Brother-type ones. These concerns included whether companies would have the ability, and right, to snoop into private correspondence as well as social media, internet searches, etc. But experts pretty much agree, employers aren’t all that interested in what employees are doing in their spare time. They are more interested in whether what they are doing can in any way compromise the company’s security.
How do the big guys deal with BYOD?
For many smaller companies, BYOD seems to be the elephant in the room. What the big guys have in common is a plan and an eye on the bottom line.
A few Fortune 500 companies – Gannett, NCR Corporation, The Western Union Company and Western Digital – say they made sure to put secure access procedures in place prior to allowing mobile devices onto their LANs. Their top BYOD security practices were:
- BYOD users have to install corporate-approved anti-virus software
- IT administrators must also be able to access employee BYODs for security reasons.
- Some companies require employees to use PIN locks on their devices
- A few companies prohibit use of personal email accounts for business purposes
- Others prohibit the storage of business material or information on internet cloud sites unless expressly authorized.
The trick to dealing with the threats inherent in remote working and BYOD is to have a knowledgeable IT company working for you. Put BYOD into perspective in terms of value versus security risks. Call us with any questions or to set up an appointment to discuss your company’s IT security!
Phillip Long - CISSP, CEO of BIS Technology Group, along with his team of marketing and information technology experts, will walk you through an overview of what your business should be doing to protect your data and plan your digital marketing strategies.
About BIS Technology Group
BIS Technology Group is the technology leader on the Gulf Coast and is comprised of four divisions: Information Technology, Web Design & Digital Marketing, Office Equipment and Business Consulting. Together these divisions help local businesses exceed expectations and allow them to grow to their full potential while minimizing risks. To learn more about BIS Technology Group, visit bistechnologygroup.com.