Many companies are introducing Bring Your Own Device (BYOD) schemes to their working practices. Despite the numerous benefits this offers, many businesses are still not equipped with the necessary protection to implement these schemes in the right way. Understandably, businesses want to give staff access to devices which can improve productivity and mobility, but they need to ensure these are equipped and updated with the latest technology to secure corporate networks from increasingly complex threats.
Free eBook: Modern Retail Security Risk – Get your copy now.
According to a recent survey of 2,000 UK workers by Elitetele.com, 21 per cent had accessed pornography and/or adult websites on a personal device which was also used for work. Alarmingly, 25 per cent claimed they were unaware visiting such websites could lead to their device being infected by malicious viruses or bugs that could compromise the data on their device.
Opening such a gateway in to a business can have severely damaging effects on its ability to operate, particularly since 24 per cent of women and 21 per cent of men admitted they would be too embarrassed to inform their employer if a breach of security had indeed happened as a result of accessing such content. With 7 per cent of both sexes claiming they would only disclose this information after one week and 2 per cent within a month, in this time a business could be severely compromised by cyber criminals who have the opportunity to peruse poorly secured corporate networks at leisure because nobody has raised the alarm, and nothing is being done to stop them.
Coupled with Gartner’s[i] findings that a quarter of business users admitted to having had a security issue with their private device, it is clear more needs to be done to manage BYOD schemes effectively. With the proliferation of mobile devices within the workplace and increased mobility amongst staff, businesses must address this issue now. The need to provide solutions to these new working norms doesn’t mean businesses should jeopardise their security practices.
Many organisations are still confused about the security and cost implications of BYOD. They want to know how to ensure data protection and prevent malware and malicious apps being downloaded, as well as how to understand usage allowances. There is a real need for specialist advice and guidance to help organisations make the most of the benefits of BYOD and ensure security of their information at the same time.
The following tips can help any business seamlessly implement an effective program whilst ensuring security and compliance remain at the centre of the process:
Policies and compliance – BYOD can lead businesses to violate rules, regulations, trust, intellectual property and other critical business obligations. A key aspect of a BYOD implementation is having guidance through these areas. Before deciding on any technology or systems, organisations first need to be clear on objectives and policy priorities. IT should not look at BYOD in isolation as it has HR, legal, compliance and financial implications. A competent consultant or BYOD partner should be able to provide assistance with procedures, policies and employee usage agreements as part of the service offered.
Access important data anytime anywhere – With employees increasingly needing to access business content on the go, businesses need multi content delivery capabilities managed centrally so that information can be accessed, stored, updated and distributed across a range of mobile devices. Establishing data loss prevention controls to protect all documents from unauthorised distribution; mobile content management can ensure a range of preventative features. Whether this is securing email attachments so they’re encrypted only to be viewed by authorised applications or implementing wipe-out options for specific users or time specific access options, important business data should never be left lying redundant and accessible to cyber criminals.
Manage devices connected to the network – With multiple devices connecting to the corporate network, without a comprehensive strategy and the correct technology in place, BYOD can potentially expose companies to increased costs, security risks and operational issues. By implementing a mobile device management strategy businesses can monitor exactly what devices are configurable to access secure, corporate data. Whether through web filtering or application control, businesses can eliminate device misconduct and security breaches at every level. Should a device be lost or stolen, an organisation can remotely wipe sensitive data, keeping business critical data secure at all times.
Manage emails by separating personal from corporate – For more and more businesses supporting a fast growing mobile device fleet securely is a key concern. Having a mobile email management solution in place enables organisations to enforce control policies from device encryption and device blocking, to ensure business data is never accessed by any unauthorised bodies and that any email attachments are opened in approved only applications. This provides the complete separation of personal and corporate data with advanced loss prevention features. It also allows businesses to implement a whole host of security measures, including authenticating users with a username and password and remotely configuring and monitoring all email accounts.
Mobile device expense management – A Mobile Device Management (MDM) solution can be utilised to control costs associated with data usage and optimisation of inclusive bundles on corporate liable devices. Although there are variations by operating system, businesses can control usage of call types that are outside the inclusive call bundle such as 118 directory enquiries, premium rate services and international dialling. Businesses can also block particular call types or send a message to employees to inform them their behaviour will incur a cost for the organisation. This could include instructions that calls to particular numbers are cheaper from a landline.
Control mobile data costs – MDM allows businesses to have control of data usage across all devices, without it there is no visibility of how much of a business’ mobile data usage is taken up on non-business applications. Using MDM this can be controlled centrally and non-business applications blocked either as a whole or by group. Another feature is the ability to remotely deploy Wi-Fi credentials so that devices connect automatically to Wi-Fi when located at corporate facilities. This saves mobile data allowance and also allows the organisations to keep control of Wi-Fi credentials thereby protecting the network.
Know who enters your business – For a business to be as secure as it can be today, a Unified Threat Management (UTM) facility is the best way to inspect all traffic entering and leaving an organisation. It can look within traffic to inspect the content and detect intrusion attempts anywhere. IT teams can rely on a UTM to recognise anomalous behaviour and pre-empt attacks before they are able to infiltrate. Its ability to control the corporate Wi-Fi access also makes it incredibly useful for mobile devices. It can be trusted to alert and notify 24/7, while constantly reporting back to the Network Operations Centre (NOC) to respond to any alert or security event and maintain the system with up-to-date information. By monitoring all traffic, security breaches can be stopped before they pose a big problem.
It is essential for businesses to put in place robust BYOD policies and consider additional security to not only safeguard against intrusions but also provide peace of mind that they have the best possible defence against cyber sleuths. With 89 per cent of IT departments now supporting Bring Your Own Device initiatives[ii], businesses can enjoy the transformative benefits offered by a more flexible and mobile working environment.
By Russell Horton, COO, Elitetele.com
Russell Horton, COO at Elitetele.com joined in 2014 at an exciting time for the company, having acquired 9 companies and grown to over £30m turnover by 2014, Elitetele.com has embarked on the next stage of its evolution, Russell’s role as COO is to help lead Elitetele.com in delivering on its long term vision.
About Elitetele
At Elitetele.com, our mission is to help businesses grow and improve performance through the powerful provision of bespoke technology and communication solutions. Our vision is to be the communications supplier and employer of choice.As one of the fastest growing privately owned technology businesses in the UK, we will continue to accelerate our growth by bringing together the best technical minds in the marketplace with unrivalled and innovative unified communications solutions and internet services for businesses.We are the only unified communications provider to be featured four times in the Sunday Times Tech Track 100, which recognises the fastest growing technology companies in the UK. Elitetele.com is a Swyx Gold Partner, and the first unified communications provider to be presented with Swyx’s International Partner of the Year Award 2013.We employ over 100 staff members across six offices, including a European arm in Madrid. Customers include, Merlin Entertainments Group, P&O Ferries, American Airlines, Yo! Sushi and one third of the Premier League football clubs.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.