As Generation Y has entered the workforce and the demand for flexible working has increased, there has been a sizable shift from employees using company-owned devices to bring-your-own-device (BYOD). BYOD has its benefits, particularly for employees, but it also presents new cyber security challenges.
Anytime personal devices are interfacing with corporate data, you run the risk of data loss and breaches. If your company is thinking about putting a BYOD system in place, here are five security risks you need to know about:
If your employees use mobile phones, tablets, or laptops that don’t have the appropriate protection, then they are vulnerable to cyber attacks. Even something as simple as ignoring a software update can leave your corporate data at risk.
With smartphones, for example, the software update process varies quite a bit depending on the device. While Apple pushes software updates out to all iPhone users, Android devices only get updates when the carrier or manufacturer releases them, which can leave them vulnerable.
Your company’s IT department and its employees need to work together to keep personal devices secure. Make employees aware of how important it is that they update their devices, and have your IT department help employees set up anti-virus protection and firewalls.
One of the most significant issues with BYOD is employee negligence. All it takes is one employee falling for a phishing scam or visiting the wrong website to expose your company’s information.
Education is key in minimizing such threats. Before allowing your employees to use their own devices to access company data, make sure they receive cyber security training.
Training should include information on the most common cyber attacks, including websites that install malware and phishing emails that look just like official business communications. Awareness of these threats makes them much easier to spot.
Keyboard logging is another serious problem with personal devices. Hackers can use it to steal employee’s sensitive information and even commit identity theft, so make sure your employees know how to prevent that from happening. Temporary passwords are an excellent safeguard against keyboard logging, as users only use these passwords once.
Insecure Public Wi-Fi
Connecting to public Wi-Fi networks puts any information your employees transmit at risk of man-in-the-middle attacks and other threats. While some businesses have secure access points to keep guest information safe, hotels, coffee shops, and residences often only have insecure public Wi-Fi available. Since many devices automatically connect to available networks, your employees may not even realize when they have connected to an insecure public network.
You can, of course, instruct your employees not to access any sensitive company data while on a public network, but it’s good to have a backup plan. One way to protect your company’s information is to choose a virtual private network (VPN). This VPN creates a private tunnel from your IT network to the user, encrypting data so outsiders are unable to read it.
The good news is that the most popular app stores (Apple’s App Store and Google Play for Android devices) do well at filtering out malicious apps. The bad news is that the occasional dodgy app slips through the cracks, and even legitimate apps can accidentally leak data. With the growing number of app downloads, it’s possible that an employee could unknowingly install one that poses a security risk.
An excellent solution is a mobile device management product designed to monitor apps, such as Marble Security Service. Not only can these apps pinpoint threats, but they can also keep your IT team updated on the apps employees have installed on BYOD hardware. Of course, it also helps if you can get your employees to be careful with the apps they install.
Lost or Stolen Devices
There’s more to protecting your company’s information than training your employees in proper cyber security practices. The majority of security breaches aren’t a result of viruses, malware, or any other type of hacking – they’re caused by a lost or stolen mobile device. If your employees are using personal devices for company business, set up a response plan in case a device goes missing.
One simple security measure that every employee can and should implement is a basic security code, such as a PIN or a password. This isn’t foolproof, but it slows down anyone trying to access the phone’s data.
Make sure there is a way to remotely wipe data from the device. Certain businesses program a selective wipe into devices that removes corporate data, including emails and contacts, from them. This ensures that your IT team can get rid of sensitive information right away, without needing to run it by the user first.
Many smartphones have features that allow the user to remotely lock the phone, wipe its data completely, or pinpoint its location. You may want to require your employees to set these features up so they can protect your information if a phone is lost after hours.
Cybersecurity risks don’t mean that a BYOD policy is a bad idea. There’s always the threat of cyber attacks in this day and age, and a BYOD policy has several benefits, including the flexibility it offers employees and the money you save from not issuing company devices. By being aware of the unique risks posed by a BYOD policy, you can take steps to minimize them.
About the Author
Lisa Michaels is a freelance writer, editor and a striving content marketing consultant from Portland. Being self-employed, she does her best to stay on top of the current trends in the business world. Feel free to connect with her on Twitter @LisaBMichaels.