Mobility—The downside of BYOD
Bring Your Own Device (BYOD) is becoming more and more popular as a solution for providing devices for employees to work on. However, each type of device comes with its own problems and security issues. According to the editor of TechAdvisory.org, the following threats impact the security of workplace technology platforms where employees are using Android devices. However, it is safe to say that these threats aren’t limited to a single device operating system.
- Unsafe devices—Devices that leave the factory with security flaws
- Malicious apps—Intentionally or unintentionally installed malware
- Information leakage—Sensitive data from legitimate apps syphoned off by unscrupulous cybercriminals
- Banking malware—Phishing scheme that overlaps mobile banking apps and steals credentials required to log in and effect transactions
- Ransomware—Malware that blocks devices, demanding payment to unlock them (WannaCry)
There is no denying that BYOD is a trend that will continue. However, organizations need to take precautions to make sure that their data assets, equipment and networks aren’t compromised by bad devices and bad decisions with those devices. Some measures to consider might be:
- Requiring any device used for business purposes to be locked with a passcode. Someone shouldn’t just be able to pick up a device off a restaurant table and start accessing apps and data.
- Requiring that two-factor authentication be enabled for any apps that offer them, and especially apps that are used to conduct business, from cloud storage to calendars.
- Requiring device owners to keep up with patches and updates, subject to audit. As threats are uncovered, device manufacturers and mobile service vendors will send patches and device updates. These must be applied as they come in.
- Conducting periodic security assessments of each device at least annually, if not more frequently. Employees who fail to take the required measures will lose BYOD privileges.
- Ensuring that everyone knows what to do if their device is lost or stolen. Any device that is used for business purposes and is lost or stolen must be reported to the company for appropriate actions and monitoring.
BYOD is doable, but everyone has a role in keeping the practice safe.