In the past, the way in which organizations handled technology was simple. An IT department would drive all the technology a company used, including computers and servers, software, security protocols and mobile devices.
More importantly, the IT department would decide what employees were allowed to use for their daily business duties. Of course, all of that has changed in recent years.
No ad to show here.
A majority of organizations have embraced the BYOD — or bring your own device — culture. All levels of management, employees and associated members of an organization are allowed to choose what device they want to use regularly, and they keep it with them at all times. This means they effectively use the same device for business and personal use in many cases.
The trend was always bound to pick up. Just look around at the technology used at most organizations, and you’ll see refresh cycles are painfully slow, especially in the government sector. This is not necessarily due to the negligence of an IT department but rather the strict limitations and restrictions they must adhere to.
A 2011 IBM study revealed a whopping 73% of business leaders allow their employees to supply their own mobile devices and tablets, which in turn have unsolicited access to corporate networks. Obviously, that was back in 2011 and the number of companies using the BYOD practice has grown since then.
There are benefits to the BYOD practice, but there are cons, as well.
BYOD: The Good and Bad
One of the biggest benefits of a BYOD setup is that organizations and businesses often save money. This is because the employees pay for their wireless service and the device that goes along with it, and many of them are happy to. According to a 2013 Good State of BYOD report, 50 percent of companies that supported BYOD at the time required device and service costs be covered by employees, and again they were more than happy to do so.
The underlying reason for this is because they get to use a device of their choosing, instead of one that’s forced on them. Android lovers are free to use an Android smartphone, iPhone lovers are free to use an Apple smartphone, and outliers are free to use, well, whatever they would rather use.
Generally, this also means they can customize and set up the device as they wish as well, including by installing their choice of third-party apps and services. This keeps employees satisfied, but also more efficient in that they get to use a device and toolset they’re already familiar with, as opposed to having to relearn how to use a company-mandated device.
A Risk to Security
Unfortunately, this is also where one of the biggest security risks of BYOD comes into play.
Because these devices are being used for both business and personal use, it means they house a great deal of information. Should someone unscrupulous tap into to these devices, they will have unfettered access to not only personal accounts and data, but business-related data too. It goes without saying this is dangerous and poses a significant security risk for not just the individuals using these devices but the organizations they work for, also.
It doesn’t help that well-designed phishing apps have cropped up here and there for mobile platforms. The attackers design the UI and interface to look exactly like an official app, and the sole purpose of these phishing tools is to collect user information such as account logins, credit card numbers, bank info and more.
Security firm PhishLabs claims to have found 11 of these applications on Google Play in 2016 alone, and those are just the offenders they found. It’s entirely possible more apps slipped through the cracks.
In the event an infected device taps into a corporate network or infrastructure, hackers could potentially gain access to everything stored on that network, and any and all devices connected to it. It’s a remarkably dangerous and risky prospect.
How to Secure a BYOD Environment
But that doesn’t mean BYOD environments are all doom and gloom. BYOD just requires a different kind of security and management approach in order to protect sensitive data. For instance, there are several ways that a BYOD setup can be controlled.
Yes, employees should be free to choose their own device, but that doesn’t mean there shouldn’t be some restrictions on what is allowed and what isn’t. Managing mobile devices is one way to protect security at your company or organization, at least when it comes to the devices employees are connecting to a company network.
This allows IT teams to pinpoint what types of devices — and users — should not be allowed access to the corporate network, allowing them to take action faster in the event of a problem.
In addition, it’s a good idea to establish policies that restrict the kind of information and activities employees can do with their business devices — both at work and at home. For example, a company-wide rule could be no one is allowed to use their business device to install or play games. Mobile games are known to have a variety of security risks associated with them.
The main point here is to simply manage and restrict the devices in a more reasonable way. Again, this gives the IT team the resources they need to locate a potential threat and take action. This also allows you to better educate employees and keep them in the loop when it comes to security because everyone has to play their part.
Feature image: Viktor Hanacek via Picjumbo
