9 tips for protecting your business from the dangers posed by personal devices
Bring Your Own Device (BYOD) is a workplace trend that’s here to stay – and it’s easy to see why. From the reduction of equipment costs for businesses to convenience and flexibility for employees, nearly 75 percent of companies are allowing their staff to use their own laptops, tablets, and mobile devices for work, according to a Sapho report.
Forbes asserts that BYOD policies save companies $350 per employee per year, while increasing productivity by 34 percent. They also foster employee satisfaction, as 78 percent of employees feel BYOD supports a better work-life balance, Sapho reports.
But with all these benefits come heightened security concerns. Data breaches are a serious risk in the most controlled environments – and BYOD represents a loss of control that’s alarming CIOs and IT leaders. After all, it only takes one corrupted device to impact an entire network.
Banning BYOD isn’t really an option, especially with the rise of the Internet of Things (IoT). From smartphones to fitness trackers, many employees have shown that they will keep using personal devices on company networks even if it’s not permitted. And that makes it even more likely that they aren’t following proper security measures.
A recent survey by Finn Partners found that only 25 percent of employees who use personal devices at work update the security protocols and operating systems on their devices each month, and only 26 percent regularly change log-in credentials.
Creating an effective BYOD policy to protect your network and lower your cybersecurity risks has never been more essential. Let’s take a look at nine steps companies can take to mitigate the risks of BYOD.
- Don’t focus on specific devices. With so many different kinds of devices connecting to the Internet, taking a device-specific approach to BYOD security is largely a waste of time – forcing IT staff to constantly update their protections as new wireless-enabled devices appear. An RFID Journal report asserts that the number of IoT devices on a company’s network could be as high as 20 per employee and businesses aren’t even aware that many of them are connecting.
Instead, companies should focus on securing “mobile moments:” a popular concept in marketing circles to define the moments when people pull out mobile devices to immediately get what they want. By embracing this holistic strategy, businesses can adopt cybersecurity measures that take into account critical data like user identity, time, location, behavior, and biometrics. They can also receive insight into app state, transaction requests, and user experience on the network.
- Set up an employee exit plan. Employee turnover is inevitable, and BYOD devices make the exit process more complicated. Not only do these employees have sensitive data on devices the company doesn’t own, but failing to eliminate their access to company data and networks heightens the company’s risk of theft, cyber-attacks, and data breaches.
Even so, only 34 percent of companies remove data from employee-owned devices through a remote wipe or other process when employees leave. The importance of creating a detailed process for exiting employees with BYOD devices can’t be overstated. That should include disabling company emails, wiping devices of company data, and changing the passwords to all the employee’s company accounts.
- Set strict guidelines for employees who work out of coffee shops. Public or free Wi-Fi networks are fraught with cyber risks, and employees should be discouraged from using them when working remotely. Hackers can create their own public Wi-Fi network that mimics the coffee shop’s and looks legitimate, enabling them to view sensitive data after a remote employee joins. These open networks also up the risk of man-in-the-middle, spyware, or malware attacks.
If public Wi-Fi must be used, require employees to install a Virtual Private Network (VPN) to minimize these risks. VPNs function kind of like a firewall for online information, allowing users to securely access and share data remotely through public networks.
- Require two-factor authentication for remote access. Cracking insufficient passwords is child’s play for advanced hackers, and physical devices can be easy to swipe. BYOD policies should require employees to provide two different pieces of information to confirm their identities before remotely accessing a network. A strong password typically serves as the first factor, followed by authentications such as SMS codes or hardware.
- Make sure lost devices are reported immediately. For every minute a device containing company data and access to a company network is lost or stolen, the risk of a data breach or cyber-attack intensifies. BYOD policies should require employees to notify IT as soon as they realize a device is missing – even if it’s outside business hours. The device’s access to the network and any apps accessing company data should be instantly terminated and proprietary data should be remotely wiped.
- Protect employee privacy. One of the biggest challenges of BYOD is balancing the need for company security against employee privacy. Mobile device management (MDM) technology offers a simple solution. This technology separates company data and an employee’s personal information on the device, while enabling the company to remotely access and remove its data when necessary.
- Establish password protocols. Users tend to resist complicated passwords and lock screens because they’re inconvenient. But failing to require your staff to follow safe password protocols – and detailing what they are – can expose your sensitive data to cybercrime.
Typically, that includes requiring users to change their passwords every three months and prohibiting the reuse of previous credentials. Many companies also require users to re-enter passwords after a period of inactivity. Locking users out after several incorrect logins from a mobile device is also wise.
- Block devices without the latest security updates. The success of BYOD rests on employees’ ability to keep security current on their devices. Just one user failing to download updates to antivirus software or operating systems puts entire networks at risk.
But the inconvenience of performing updates prompts many employees to keep putting it off, while others simply forget. Network access control (NAC) software forces employees to keep the security of their devices up-to-date by refusing to allow network access to devices without the latest protections.
- Install endpoint protections. Most BYOD security measures detail employee responsibilities. But organizations should also implement robust endpoint protection technology like antivirus and antimalware. Brand-new to the market is a next-generation protection technology that also has the ability to not only spot attacks – but fix
More than 90 percent of cyber-attacks begin with a spear phishing email that uses the compromised endpoint to infect an entire organization. Endpoint protections scan devices for viruses and malware, preventing hackers from slipping inside networks through corrupted BYOD devices.
BYOD is hard to avoid in today’s workplace, and neglecting best practices can open the door for costly data breaches and malicious cyber-attacks that damage your organization. There’s no one-size-fits-all strategy for creating effective BYOD policies – they must be tailored to the unique needs and procedures of your business. A skilled cybersecurity provider can help you implement security processes that allow your company to reap the benefits of BYOD while keeping its network and data secure.