What are the cybersecurity concerns for cloud mobile and BYOD applications?
Given the new world of remote work and a continued increase in cyberattacks, many companies have been blindsided by the need to create BYOD policies that emphasize company and employee security.
Unfortunately, most companies have come to the battle of device security unarmed. In fact, in a recent poll, 50 percent of companies said devices needed to be registered for security purposes; however, only 32 percent required the right security software registration. In the same survey, 17.7 percent of respondents admitted that they don’t tell their IT departments when they are using their personal devices for work purposes. With these statistics in mind, it is important to establish a comprehensive BYOD policy so that employee satisfaction is maintained without compromising business data security.
What is BYOD?
BYOD is an acronym for Bring Your Own Device. It generally refers to company policies that allow for employees to bring their own devices to work (and take them home) instead of having work-specific devices.
Why is BYOD Security Important?
BYOD can come with some major security risks (as you surely can imagine). We’ve taken some time to outline the biggest and most common risks we’ve seen.
5 Biggest BYOD Risks + How to Solve Them
1. Exposed Email or Other Employee Interactions
Employees who check work email on personal devices often fail to use basic security measures. If accessed, their email accounts or social media apps may provide easy information.
The Solution
Invest in robust penetration testing to limit what ne’er-do-wells access when they inevitably obtain mobile devices. Conversations can be further protected via extensive data encryption. Employees should keep personal and work-related interactions separate, ideally using completely different apps for each type of contact.
2. Device Loss or Theft
BYOD workplaces benefit from the approach’s uniquely mobile nature. Unfortunately, on-the-go employees sometimes misplace devices, leaving company data at risk even if properly secured.
The Solution
BYOD businesses should develop extensive anti-loss initiatives.
Effective security measures are especially critical for vehicle fleets or airport visits, which account for the majority of BYOD mobile device thefts. In worst-case scenarios, tracking systems can hasten device recovery. Additionally, mobile data management solutions can remotely wipe compromised devices before the information becomes accessible.
3. Malicious Mobile Apps
Malware remains of concern for desktop and laptop users, but it’s even riskier for unassuming smartphone users. Many employees download problematic apps on their personal devices without bothering to check for authenticity. Mobile malware may be more difficult to detect, in part because it mimics popular and legitimate apps. For example, many users fell prey to a malicious imitation of the beloved app Super Mario Run. The malware attack targeted Android users before the legitimate version of the Nintendo app even made its official debut. Those desperate to access the game early suddenly found themselves dealing with the Marcher Trojan, best known for stealing bank information.
Often, an app’s malicious status is virtually undetectable for employees, even months after download. These apps may use seemingly innocent features such as phone-based cameras or GPS for harmful purposes. Data gathered through integration with calendar apps or audio recorders may be sent to third parties. Malicious apps are of even greater danger on jailbroken smartphones and tablets, which lack the beefed-up security of standard-issue devices.
The Solution
BYOD policy development must thoroughly prepare companies for the possibility of malware on mobile apps. Workplaces should train employees to recognize problematic apps and ban those already identified as risky. Additionally, application readiness automation offers IT departments a wealth of information on app behavior. Companies with an automated readiness solution can quickly identify risky apps to minimize malware damage.
Emerging technology known as mobile application management gives IT the ability to modify security settings for each user or application.
4. Cloud-based Storage
Apps such as Dropbox allow for easy storage of critical documents in the cloud. They also provide a treasure trove for hackers. Secure cloud storage policies are difficult to enforce in any workplace, but the BYOD approach allows ever-increasing amounts of sensitive data to reach insecure cloud storage systems.
The Solution
Some BYOD proponents recommend that employers allow workers to utilize their preferred cloud solution. This could reduce the potential for user error, which, with cloud storage apps, can prove particularly devastating. Experts at the SANS Security Institute claim that user error accounts for a shocking one-third of data loss, falling just slightly behind hardware failure. For companies using a single cloud solution, security is best achieved through robust encryption and authentication. An especially proactive solution: client-side encryption gateways, which prevent sensitive information from reaching an insecure cloud in the first place.
5. Different Versions of Corporate Network Security
From Android phones to iPads, employees use a variety of devices in the workplace. Unfortunately, this makes BYOD risk assessment uniquely difficult. Different network security options exist for each operating system, making it challenging to find a uniform security solution.
The Solution
An ever-increasing array of products allows information security managers to keep a diverse network of devices safe. These products aim to keep vulnerabilities out of the network and off devices, whether they are running Mac, Linux, or Windows software.
From unsecure cloud storage to malicious mobile apps, BYOD issues in the workplace abound. Businesses need not abandon this approach altogether; a robust BYOD security policy allows employees to use their own devices while sidestepping common risks.
BYOD Policy Essentials
If you want to regain control over BYOD security in your organization, you need to have well-designed policies.
BYOD Policies Should Be Held Long Term
Your BYOD policy should be endpoint independent so you can make allowances for new or emerging devices and platforms. Endpoint independent means that the policy can be applied to all future devices. Additionally, your policy should be built for long-term use. If you are constantly revising your BYOD policies, you will have a hard time enforcing the established guidelines.
Involve All Parties in the Process
All interested parties need to be involved in the policy creation process. This means everyone, from senior-level team members to the HR, IT, accounting, and legal departments, should be involved. Including these team members will help you create a comprehensive policy that meets all your security, functionality, regulatory, legal, and technology requirements. What’s more: any red flags or controversies can be appropriately addressed before they cause any impact.
Don’t Force Policies, Adjust Instead
You wouldn’t force a round peg into a square hole, so don’t try to do the same thing with your BYOD policies. What works for one company might not work for another. The goal is to create a policy that meets the needs of your employees without compromising data security. By adopting a mentality of continuous improvement, you can create a policy that can be implemented in stages to achieve flexibility, security, and, of course, support from employees.
Create a List of Permissible Devices
Some devices are not suitable for BYOD, although that list gets shorter and shorter as remote work emerges. With this in mind, it is far better to draft a list of the exact devices and the security requirements they need to meet, in the earliest stages of your BYOD policy implementation.
Additionally, it would help if you insisted that employees take all of the maximum precautions when selecting passwords, using screen locks, and accessing your business network.
Effective Communication
These policies only serve a purpose if the people using them understand the requirements and are aware of the process. Whether holding an informational session, creating a guidebook, or sitting each employee down with your IT department, one thing is sure: if you fail to communicate your BYOD policies properly, then each user could pose a potential threat. Finally, make sure that your explanation materials are adequately tailored to each audience, including your support staff, managers, end-users, and various departments. Once again, transparency is KEY.
Create Policies That Benefit Both Employee and Business
A BYOD policy is only useful if it is mutually beneficial to the employees and the business. As such, you will need to define policies that employees will use. For example, depending on your business’s sensitive nature, you might not need to access your employee’s apps or disable the screenshot feature. Instead, you should focus on policies that maintain enterprise data security without infringing on your employees’ privacy and devices.
Embrace the Freedom of Choice BYOD Offers
At its core, BYOD is a consumer-led revolution. Simply put, it is about freedom of choice. By embracing this concept, you can create a comprehensive BYOD policy without opening the door to security risks.
Separate Between Work and Personal Use
A BYOD policy needs to draw a clear line between employees’ work and personal lives. This means that work apps can never be used for personal matters (and vice versa). Additionally, you should make sure that there is a clear separation between personal and work lives when it comes to using calendar apps, creating contact lists, and sending emails.
Don’t Leave Data Locally on the Device
If you want to avoid heightened security risks, then you need to create a BYOD policy that doesn’t leave data on the device. This means making sure that employees aren’t using apps that store data on their devices. You should also have a strategy to handle transferring data back to a company should an employee quit or be let go. As a fail-safe, you can use a cross-platform security solution like Prey to track, recover, or, if it comes to that, remotely wipe all data from a device.
Protect Your Business From Liability
When you create a BYOD policy, you must protect your company from the liabilities associated with employees who engage in inappropriate or illegal behavior on their BYOD devices. From driving and texting to the inappropriate use of certain websites, many behaviors could expose your company to claims of negligence or harm. Fortunately, a good BYOD policy will not only ban these types of behaviors, but it will also protect your company from their potentially harmful impact.
Are Employees a Bigger Threat Than Cybercrime? What the Research Says
Unfortunately, it seems that many of today’s CTOs, as well as business owners themselves, do in fact feel far warier of the risky behaviors, and sometimes flat-out bad intentions, within their organization than they feel regarding anonymous hackers and other cyber-criminals when it comes to mobile security. Verizon’s most recent 2020 Data Breach Investigations Report showed that, actually, 70% of attacks are external. However, they also found that casual events caused 22% of attacks surveyed, and 67% of attacks were initiated by malicious emails. This puts companies in a particularly vulnerable place with so many mobile devices at risk of opening malicious emails. They also found that “credential theft, errors and social attacks are the three most common culprits in breaches.” This puts remote workers at particular risk.
With a lax attitude toward mobile security measures or even a dose of malfeasance, an employee can leave a business open to the same risks that result in potentially devastating malware and ransomware attacks from professional hackers on the outside.
Employees Often Compromise a Perfectly Good System of Mobile Security Measures
PwC shares that, while data breach incidents attributed to outside hackers have reduced, internal threats, including suppliers, consultants, and contractors, have stayed about the same, or they have increased. The number now stands at about 30% when it comes to current employees who are the source of security incidents.
The Reasons That Employees Pose a Security Risk Vary
It is difficult to understand why an employee would leave their company exposed to risks when their relationship is intended to be founded on a certain mutual trust. A few possible reasons to consider include, per Advisen:
BYOD Blurs the Lines Between Ownership and Control
It is an attractive proposition for CTOs, as well as CFOs and CEOs, to skip the step and cost of purchasing mobile devices for employees. But, as is the case with most things that seem too good to be true, there is a downside to the BYOD revolution. When the employee controls the device, it is simply more difficult for the CTO to enforce crucial mobile security measures, such as ensuring anti-virus protection and data encryption or making sure that necessary patches and updates are applied in a timely manner. Additional risky or concerning behaviors that employees engage in when it comes to BYOD, or even on company-owned devices that employees keep with them 24/7, include:
Conclusion
Creating a secure BYOD policy for your company is about protecting vital business data and, at the same time, taking precautions that make it possible to give employees the freedom to use their personal devices in the workplace, for work-related purposes. However, it is possible to create a comprehensive BYOD policy your employees will appreciate and protect valuable business data and assets. If you’d like to learn more about Preyproject’s role in securing your company’s assets, check out our buyer’s guide.
What are the three Disadvantages of Bring Your Own Device BYOD processes at a workplace?
Here are some of the major cons of the Bring Your Own Device system:
Lack of Uniformity in Devices. A significant drawback of the BYOD model is the diversity of devices used for office work. ...
Increased Distraction. ...
Higher Security Risk. ...
Difficult Data Retrieval. ...
Legal Issues.
What is one of the biggest challenges to a BYOD policy?
The most glaring negative of a BYOD policy is that when employees bring their own devices to work, the IT department loses almost all control over the hardware. Your sysadmins can't dictate what apps or programs employees install, how they secure their devices, or what files they download.
What is BYOD and how does it relate to security?
BYOD (Bring Your Own Device), also known as BYOT (Bring Your Own Technology), refers to a security policy of allowing employees to bring personally owned devices such as laptops, tablets, and smartphones into the workplace, and to use them to access confidential information and applications belonging to an organization.
What are the topics of some general concerns, risks or vulnerabilities associated with bring your own device BYOD?
BYOD issues around security and privacy
Personal devices may lack data encryption capabilities or can be lost or stolen, increasing the risks of data loss or exposure. Personal devices may contain malicious apps or malware or be more vulnerable to attack from online threats.