by Emily Heaslip, Nightfall
https://nightfall.ai/3-byod-security-risks-and-challenges
It’s estimated that over 50% of employees use their personal devices for some work activities. As more people use their personal smartphones or laptops to do their jobs, the security risks at an organisation increase dramatically. BYOD — whether instituted as a formal policy or as an adaptation to the pandemic — opens a company’s systems and platforms up to hacking, data loss, and insider threat. Being aware of some of these critical BYOD security concerns is the first step to protecting your important, valuable company information.
What is BYOD?
Before we get into some of the pitfalls of BYOD, it’s important to understand what BYOD is — and why a company might use it. BYOD stands for Bring Your Own Device. It’s a policy that allows employees to work on the device they choose, using their own laptop, mobile phone, or tablet to access their company email, work documents and more.
BYOD often happens ad hoc or without formal implementation by the organisation. An employee who adds their company email to their smartphone, for instance, is inadvertently practising BYOD. During the pandemic, many employees switched to their personal devices to keep up with the new remote work paradigm.
BYOD comes with several security risks and challenges. According to some research, 50% of companies that allowed BYOD experienced a data breach through a personal device. Here’s where BYOD security risks lie — and how to overcome some of these risks.
Three BYOD security challenges
Here are some of the top BYOD security challenges facing businesses today.
Lost or stolen devices
Almost half of data breaches — 41%, precisely — happen due to lost or stolen devices. Consider some of these stats:
- Out of 70 million devices stolen each year, only 7% are ever recovered.
- Only 56% of BYOD companies use remote wipe and MDM to deal with security.
- IT theft ranks almost as high as car and transportation theft.
Lost devices are potentially the biggest threat to BYOD security. When a device is found by the wrong person, it can easily be infiltrated and mined for personally identifiable information. Luckily, there are some simple ways to protect your company data in the event of a misplaced or stolen personal device.
BYOD security best practice: Implement a strong mobile device management (MDM) strategy and action plan. This includes tools like data or device encryption, remote wiping capabilities, geofencing and geolocation. Require employees to use a biometric (like a thumbprint) and a strong password to unlock their device. When a device is stolen, make sure your employee immediately lets your IT team know so they can wipe or lock down the device.
Malware
Few employees are aware that malware can infect a smartphone, not just a laptop. While they may have anti-malware programs installed on their personal computers, not many employees pay attention when it comes to reading the fine print of an app or downloading content on their phones. “Outdated mobile operating systems can be a major risk factor, with some of the most vicious forms of malware primarily affecting outdated OSs,” added one expert.
BYOD security best practice: Make sure your employees are keeping their software up-to-date. Limit what apps an employee can download if they’re using their main device for work. Malicious apps are one of the easiest ways hackers and malware compromise your system. “TechCrunch reports that some of the confirmed malicious apps included titles such as ‘Pokémon Go Ultimate,’ ‘Guide and Cheats for Pokémon GO,’ and ‘Install Pokémongo,’ in order to appeal to fans of the game.”
Unsecured networks
When an employee logs into work using a coffee shop’s free Wi-Fi, they’re putting your company’s data at risk. Unsecured internet networks, such as those in public spaces like airports and cafes, are often targeted by attacks. Hackers can intercept traffic coming to and from your employee’s device and use it to infiltrate your company’s systems.
BYOD security best practice: Ask employees to download and use a VPN on all their devices. You can also offer a data package that allows employees to tether, or hotspot, their laptop’s internet connection to a mobile device. These options offer a more secure way to get connected. In addition, encrypt every device’s emails, messages, and photos.
Meeting BYOD security risks
Hacking, malware, and data leakage are the biggest BYOD security risks. Bad actors take advantage of unsecured devices, networks, and malicious apps to mine personal devices for company information. A robust MDM approach — or a more modern unified endpoint management approach — is critical to minimising the risks associated with BYOD.
The pandemic has dramatically increased the number of devices (entry points) through which a hacker could infiltrate a company’s systems. As users add apps like Zoom and Slack to their personal devices, it’s becoming easier to target valuable customer and organisational data stored on cloud platforms. MDM tools and services can help — as well as a cloud data loss prevention service.