Mobile technology has drastically changed the way we live. Just as many people have “cut the cord” in their homes and now rely on their smart devices, businesses are now adopting the bring your own device (BYOD) trend. While it may be efficient, BYOD can open your organisation up to cybersecurity risks. Here’s how you can improve your BYOD security.
Whether your employees are using smartphones, tablets, or laptops, your organisation needs a holistic BYOD security policy.
Without this, your organisation could be vulnerable to these key BYOD security risks:
- Loss or theft of device – Employees are rarely without their personal devices. This means there’s a higher chance of devices being lost or stolen, and a greater risk of the company data that’s stored or accessed on these being compromised.
- Data loss – If a device is lost, stolen, or damaged, any locally stored data may be lost permanently if it’s not backed up in real-time.
- Man-in-the-middle (MITM) attacks – Public Wi-Fi spots are convenient for getting some work done, but they’re also popular hunting grounds for cybercriminals who use MITM to intercept data being transmitted over public networks.
- Jailbroken devices – Jailbreaking is the process of removing the restrictions imposed by the manufacturer of a device, typically to allow the installation of unauthorised or third-party software. This increases the risk of an employee inadvertently installing malicious software on a personal device.
- Security vulnerabilities – Every operating system (and the software that runs on it) has its own unique set of security flaws and vulnerabilities, which means that allowing staff to use any device and operating system increases the risk of a data breach or malware infection.
- Malware – A personal device that has been infected with malware can spread that malware to other devices connected to the company network, causing data loss and downtime.
To mitigate risks, it’s important to devise a BYOD security policy that works for the needs of your business as well as the needs of your employees. Here are some tips:
1. Make passwords compulsory on all BYOD devices
Prevent unauthorised access to company data by enforcing the use of passwords on all BYOD devices. Passwords should be long and unique.
2. Create a blacklist of prohibited applications
Blacklisting involves prohibiting the installation of certain applications on BYOD devices that are used for work purposes. This includes applications such as file sharing and social networking apps. The simplest way to blacklist applications is through a mobile device management platform that enables IT administrators to secure and enforce policies on enrolled devices.
3. Restrict data access
Adopt the principle of least privilege on both BYOD and company devices. This means that a user can access only the data and software required to do their job. This can reduce the effects of certain types of malware and limit the fallout in the event of a data breach.
4. Invest in reliable security solutions for devices
Protect BYOD devices with reputable antivirus software to identify and stop threats before they can make changes to the device. This is vital for protecting mission-critical data and avoiding downtime.
5. Backing up device data
A well-thought-out BYOD policy can go a long way toward minimising the risk of a security breach, but if something manages to slip past your defences, you need a process in place for restoring your data to its former state. Have a comprehensive backup strategy to ensure that any data stored locally on a BYOD device can be quickly recovered.
6. Educate your staff about security
The vast majority of BYOD-related security risks involve human error. Educate your employees about proper mobile safety. This includes how to spot apps that could contain malware, sharing security threat updates, and teaching them how to secure their devices by going beyond default security settings.
How can we help:
We can help you ensure your technology, policy and staff education programs align with best practice. Our Business Technology Managers (BTMs) are specialists in improving your internal cybersecurity. We can support you with:
- Cybersecurity technology and policy assessment
- Cybersecurity awareness training and mock events
- Cyber and Data Breach consulting and forensic analysis
- Disaster Recovery (DR) planning
Want more information about Cybersecurity?
See some of our recent blogs:
- The greatest cybersecurity threat is your team
- 3 cybersecurity New Years Resolutions
- Your web browser is betraying you