With Bring Your Own Device (BYOD) programs likely here to stay, companies are trying to find ways to reap the most benefits while downplaying the drawbacks. While it’s true that BYOD policies can lead to increased productivity, more employee satisfaction, and greater collaboration among workers, some significant issues have arisen in recent years. At the forefront is the concern over BYOD security, and since under a BYOD policy employees would be using their own personal devices to access company networks and data, business leaders are finding it an issue they need to address quickly. As businesses gain more experience with the threats associated with BYOD, they’re hard-pressed to find solutions that deal with them.
Free Download: How To Keep Your Mobile Safe From Cybercriminals!
The Threat: Mobile Malware
One of the biggest threats that comes with the adoption of BYOD is that of mobile malware. The concern is certainly legitimate. Research has shown that 2,000 new malware samples for Android devices are discovered daily. Other researchers say that between 2011 and 2013, there has been a mobile malware increase of 388% in the Google Play store. The numbers are a bit lower for Apple devices, but it still exists. Malicious apps can really damage mobile devices, and in turn, they can infect whole company systems and networks. With few protections, mobile devices are simply too good of a target for potential attackers to pass up. All it takes is for one infected device to eventually reach others that are connected to the same network.
(Tweet This: Research shows 2,000 new Android malware samples are discovered every day. #byod #security)
The Solution: App Monitoring
Avoiding these infections is the name of the game, and that comes with communicating with employees about what apps are acceptable for download. Companies can do this by setting up whitelisted and blacklisted app groups while also denying access to third-party app stores which are more likely to contain suspicious apps. IT departments can also work to secure individual devices much better by making sure each device is upgraded with the latest protection and has the latest security patches.
[wp_ad_camp_4]
The Threat: Unauthorized Access
Most employees enjoy using personal devices for their work. Not only is it easier to manage, but it also provides around-the-clock access to their job duties in cases where they need to respond quickly. The downside to all of this is that the possibility of access by unauthorized users increases as well. This can be through perfectly innocent means, such as a family member accidentally entering a business email account. It can also happen through more sinister methods, such as an attacker hacking the device after it has been lost or stolen. Either way, sensitive company information may be leaked or stolen, and that could cost the company dearly.
The Solution: Mobile Security Measures
There are many ways to tackle this threat. Many companies employ some basic security features, like passwords and firewalls. Again, communication becomes extremely important, since businesses need to let employees know that company data on a personal device is still the company’s property. That means installing remote wiping capabilities in the event of a lost or stolen device is something a business will be able to do without legal ramifications. Placing certain limitations on devices also needs to be communicated so employees don’t engage in activities deemed too risky.
The Threat: Rogue Devices
BYOD policies should be mostly accommodating, allowing for a great degree of freedom for employees. For many BYOD programs, that means permitting almost any type of mobile device you can name. But that also raises the risks of getting a device that is not adequately protected. Sometimes referred to as rogue devices, these items include rooted Android smartphones and jail-broken iPhones which have the potential to allow malware and viruses into a business’s systems.
The Solution: Mobile Device Management
Limitations need to be set in terms of what devices are accepted. This is usually done through mobile device management (MDM) policies. Through MDM, IT departments can restrict the devices accepted as part of BYOD. MDM can also help IT workers manage numerous devices from an easy-to-use central location, giving them increased visibility to track everything that is getting access to the network. Any devices deemed too risky to the system can be shut out altogether, thereby making the system and all other devices safer.
By Rick Delgado | @ricknotdelgado
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.