Tuesday 26th May 2015
by Edel Creely

5 BYOD security implications and how to overcome them

Are your employees ruling the roost when it comes to BYOD?

With the influx of Generation Y and the increasing demand for flexible working, the shift from company-owned devices to employees bringing their own devices is having a massive impact on how IT departments react to mobile security. Bring your own device (BYOD), recently known as workforce mobility, is one of the most complex developments for CEOs, because it introduces huge risks of data loss and to data protection.

Although BYOD allows greater flexibility and increases productivity, it has a significant impact on the traditional IT model. Workforce mobility has caused a shift in IT consumerisation, where personal devices are interfacing with corporate data. Whilst this mobility creates numerous benefits for employees, it also puts significant pressure on organisations. The hardest hit are small and medium organisations who don’t have the in-house resources and knowledge to mitigate the challenges.

Although BYOD is an attractive business model, there are a number of security risks associated with it. With data security being the number one concern for CEOs, ensuring your IT environment is secure is more important than ever.

Now’s the time to put IT back in control of BYOD.

1. Increases risk of data leakage

As our workforce becomes more reliant on mobile devices, the floodgates of data leakage and threats open up, resulting in an even greater reliance on the IT department to secure mobile devices. Mobile phones and tablets are the weakest link when it comes to security and are prone to attacks. They also require regular patch updates, with the responsibility for these falling into the employee’s hands. According to Gartner, by 2017, one in two companies will no longer provide devices to their employees. Therefore the onus is on the organisations to implement policies and procedures that help employees keep their devices secure.

Tip: Implement acceptable use policies and procedures that clearly communicate the boundaries, and what happens if these are violated.

2. Exploits vulnerabilities

CIOs have less control over the mobile devices used in their organisation, which ultimately means they are more vulnerable to attacks. Employees are downloading mobile apps and connecting to external Wi-Fi spots without having the correct security protocols in place. In fact, according to a study conducted by HP, 97% of employees’ devices contained privacy issues, and 75% lacked adequate data encryption. This creates serious security holes that can be exploited by hackers. This, coupled with the fact that your employees might not have anti-virus protection or an up-to-date firewall on their mobile devices, means they are more vulnerable to attacks.

Tip: To prevent viruses spreading, it is important that there is a gatekeeper like a VPN, which grants access by verifying that the data being transferred from the mobile device to your IT network is encrypted and permitted.

3. Mixing personal and business data

One of the most obvious BYOD security challenges is coping with the storage of corporate and personal data on the same device. Ultimately there are going to be certain types of data that will be exposed throughout the organisation, so consideration needs to be given to the topic of securing this data.

One of the biggest threats to mobile devices is malware that is installed unknowingly by the user, meaning malware could find its way onto the network.

In addition to this, keyboard logging is another technique that is used by hackers to record login and password credentials. An effective way to overcome this is to implement one-time passwords so that users have temporary passwords each time they log in.

Tip: Invest in Enterprise Mobility Management (EMM) software so that you can monitor and then detect risks before they have a catastrophic effect.

4. Poorly cared for devices

The biggest risk in this area that IT departments fear is employees’ devices being lost or stolen. Over half of security breaches occur when devices are stolen, so it’s paramount that companies implement encryption tactics to ensure that the device is secure against threats. A simple but effective way to ensure that employees secure their devices is to prompt them to use even basic security features such as a PIN code.

Those employees who don’t keep their devices up to date are at further risk of being targeted by hackers. This includes mobile operating systems as well as apps installed on the device.

Tip: Implement remote wiping capabilities so that IT Managers have the power to wipe the device as soon as possible without having to ask for the user’s permission. This will give the IT department greater control when a device goes missing.

5. IT infrastructure

BYOD requires CIOs to make modifications to the current IT infrastructure so that it’s BYOD compliant. CIOs need to identify which applications their employees are using to interact with corporate data. Businesses need to ensure that the data is not only protected, but also conforms to the current IT infrastructure. Penetration testing should be carried out to identify any vulnerabilities with the current IT estate.

Tip: The first thing you need to do is carry out a full audit of your entire IT environment in order to determine whether your infrastructure is set up to cope with workforce mobility. Reviewing the capabilities puts you in a good position to determine if you have complete visibility of your network layer.

How to overcome the BYOD security issues

While BYOD can be a great benefit to organisations, it can also introduce a number of risks, so identifying them and introducing appropriate controls is an important step that must be taken to protect your business against any malicious attacks and security breaches. The main considerations that CEOs must think through are how their infrastructure will cope with the increased number of devices accessing the network, ensuring that their employees’ devices are adequately secured and aren’t breaching the company’s policies.

Dermot Hayden, Country Manager at Sophos

IT professionals are constantly looking to reduce the gap, and get up to speed with the latest data security practices and advances. Although BYOD poses significant security risks, if managed properly, a BYOD program can reduce costs and increase productivity without hindering security. Educating employees on how to protect their devices and ensuring they are configured in line with security policies ensures that even the basic security precautions are adopted.

Comments

  1. Great article to read on a Sunday night while I am researching on my undergrad final year project.

    I am going to do a project that looks at the security side of BYOD. Your article mentions having an AV on these devices but I am looking at a bigger picture. How about a host checker?

    You can perform this on a VPN (Pulse, Barracuda, Juniper will all do that before allowed on a network) but what if you want users to connect directly to your network? A host checker will check the device is not jailbroken, has got the right anti-virus, firewall is turned on, has the latest updates and service packs, is encrypted and most importantly configured with a password/passcode.

    If a device passes all these checks then it is allowed on a network. The user is however notified of failures and advised to resolve them and attempt reconnection.

    I think this will be great innovation in BYOD.
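
The host check described in the comment above, sketched as an added example (not the commenter's code and not any VPN vendor's product): a posture evaluator that admits a device only when every check passes and returns the list of failures to show the user. The attribute names, the 30-day patch threshold and the sample reports are assumptions constructed for this illustration; an attribute the device does not report is treated as a failure.

```python
from datetime import date

# Hypothetical attribute names and threshold, chosen for this illustration.
MUST_BE_TRUE = ("antivirus_ok", "firewall_on", "storage_encrypted", "passcode_set")
MAX_PATCH_AGE_DAYS = 30


def check_device(report: dict, today: date):
    """Return (allowed, failures). Missing or malformed attributes count as failures."""
    failures = []
    if report.get("jailbroken") is not False:  # must be explicitly reported as False
        failures.append("jailbroken")
    for key in MUST_BE_TRUE:
        if report.get(key) is not True:
            failures.append(key)
    last_patch = report.get("last_patch")
    if not isinstance(last_patch, date) or not (
        0 <= (today - last_patch).days <= MAX_PATCH_AGE_DAYS
    ):
        failures.append("last_patch")  # absent, dated in the future, or too old
    return (not failures, failures)


# Constructed sample reports, not data from any real device or product.
TODAY = date(2015, 5, 26)
COMPLIANT = {
    "jailbroken": False, "antivirus_ok": True, "firewall_on": True,
    "storage_encrypted": True, "passcode_set": True, "last_patch": date(2015, 5, 10),
}
STALE_NO_PASSCODE = dict(COMPLIANT, passcode_set=False, last_patch=date(2015, 2, 1))
SILENT = {"antivirus_ok": True}  # agent reported almost nothing


if __name__ == "__main__":
    for name, report in [("compliant", COMPLIANT),
                         ("stale, no passcode", STALE_NO_PASSCODE),
                         ("silent", SILENT)]:
        allowed, failures = check_device(report, TODAY)
        print(name, "->", "allow" if allowed else "deny: fix " + ", ".join(failures))
```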
