BYOD - what is it?
BYOD – Bring Your Own Device. What does it mean? Simply put – BYOD refers to staff using their own mobile phone, tablet or laptop to perform work duties. BYOD can help a business grow, but it comes with IT security risks that the business should be prepared to manage.
In the post-covid world, where remote work is often the norm, the vast increase in cyberattacks has left many organisations caught out by the need to create BYOD policies designed to mitigate the risk of cyberattack.
Many IT departments have no oversight of staff BYOD use, and even if they did, they don’t have the tools to mitigate risk.
In the recent past it wasn’t difficult to ban staff from accessing data from personal devices, but with a disparate workforce this is not always practical. Companies are treading a fine line between business productivity and risk.
Here are four BYOD security issues to be aware of.
DATA LEAKAGE
Some businesses are rightly concerned that implementing a BYOD strategy risks making the company vulnerable to data breaches. Personal devices are generally not part of IT’s managed infrastructure, meaning they are not actively monitored or protected by company firewalls and security policies.
In addition, employees can connect personal devices to open, unencrypted public Wi-Fi networks, making them vulnerable to ‘man-in-the-middle’ attacks. This is a major concern to businesses if the employee is accessing business-critical apps whilst connected to public Wi-Fi. Once the device owner has connected to a malicious hotspot, attackers can monitor activity and are often able to view usernames and passwords in plain text.
LOST DEVICES
Another concern for companies is the possibility of employees losing their personal device. If a device with sensitive company information falls into the wrong hands, a serious data breach could occur. Businesses need to have contingency plans in place for such events. Firstly, make it a rule that employees must report a lost or stolen personal device to IT if they have used it to access company data. Secondly, IT should have a means to wipe data remotely using such tools as Microsoft Intune or Okta.
POSSIBLE HACKING
Personal devices tend to lack robust data encryption to keep other people from snooping on private information. In addition, employees may not be regularly updating their BYOD devices with the latest software and security patches, increasing the risk of infiltration by hackers and malware.
Cybercriminals are always looking for opportunities to steal valuable corporate data, and lax BYOD policies provide the perfect opportunity.
VULNERABILITY TO MALWARE
A company’s BYOD strategy must factor in the potential for viruses and how to deal with them if they occur. If employees use personal devices for work-related activities, they’re able to access sites and install mobile apps that companies would otherwise restrict access to.
If employees have the freedom to use personal devices such as smartphones, laptops or tablets for work purposes, keeping track of vulnerabilities and security updates can be difficult. BYOD strategies must include the ability for IT or MSPs (Managed Services Providers) to manage and monitor access, and just as importantly, have the means to mitigate risk in the event of a breach or attack.
Raph Tripp has worked in a variety of roles including IT management, Operations, project management, PMO and as both systems and business analyst. Since 2000 he has worked in a range of industries including gaming, hospitality, managed services, NFP and education.