How To Plug the Security Gaps in BYOD
Employees everywhere will by now be familiar with the concept of ‘Bring your own device’ (BYOD) technology – the policy of permitting people to configure and use their own PC and mobile devices for work purposes.
Indeed, more than 50% of organisations and over 70% of employees use personal devices in this way – and the numbers continue to grow. This evolution is relevant for everyone: 87% of businesses depend on their employees’ ability to access critical mobile business apps from their smartphone – and they gain some 240 hours of extra productive work per year from these employees as a result of allowing them to work in this way.
Unsurprisingly, the recent pandemic only served to accelerate this trend, as companies increasingly moved employees to home working. This is expected to continue for at least the next five years. The BYOD market will hit $367 billion in 2022. As such, enabling and maintaining secure BYOD remains at the top of the agenda for IT security teams around the world.
It’s not hard to see why BYOD practices are so popular. After all, organisations enjoy a host of benefits. There is less hardware to buy – and the hardware that is needed can be a lower spec. Employees are happy, because they are free to use the devices they prefer in the way they want. They can also stay connected with teammates, wherever they’re working. Meanwhile, employers save money in the process. They don’t have to buy, upgrade or manage employee-owned devices – from computers and printers to smartphones, tablets and peripherals.
At first glance, BYOD seems like a win-win. However, as more people use their personal smartphones or laptops to work in this way, the security risks for organisations increase exponentially – for all sorts of reasons.
Why BYOD must be properly managed
Personal devices are by nature less secure. This is because they are less stringently monitored and harder to control than business-owned ones. As such, cybercriminals are more likely to target them to break into corporate networks, as they can exploit security vulnerabilities more easily. This is a critical issue, as it leaves networks using BYOD potentially open to hacking, data loss, and even insider threats from employees themselves.
50% of companies allowing BYOD have experienced a data breach directly through a personal device – and almost half of data breaches (41%) happen on lost or stolen devices. Just 7% of the 70 million devices stolen each year are recovered. Despite this, surprisingly only 56% of BYOD companies use mobile device management (MDM) to maintain security on these types of devices.
What are the major BYOD risks?
Installing malware and malicious applications
While working on their own devices, employees can easily and inadvertently visit insecure sites and download dangerous malware and viruses. If these threats stay undetected, they can spread and infect the entire organisation – with serious and potentially long-lasting consequences.
Breaching data security
Unless your employees have tightly secured sensitive content on their devices, hackers can breach their files and create issues for your business. What’s more, if the device is lost or stolen, malicious individuals may gain access to your company network.
Leaking sensitive data
As part of the above, enabling employees to use their own devices to access and manage critical business information like financial records, customer details and intellectual property can leave your organisation vulnerable if this information is exposed or compromised.
Being aware of these risks – and taking steps to mitigate them on an ongoing basis – is essential to safeguard your people, business and reputation.
How can you stay protected while using BYOD?
So, what can you do to ensure strict governance and endpoint security for BYOD?
Educate your employees
By ensuring everyone is up to speed on security best practice and the associated risks, you can go a long way to minimising breaches. Set out a clear and consistent BYOD security policy and make time to share it in detail with your people. Everyone should understand what they can and cannot do on their personal devices.
Keep personal and business separate
Make sure that personal and business data stay separated, so that appropriate security and privacy are in place for sensitive files and information which employees may not want to share in a workplace environment. Directions on how to do this should be included in your company BYOD policy.
Use a VPN
Encourage employees to connect their devices to networks they know are protected and secure, wherever they are working. An encrypted virtual private network (VPN) will provide the safety they need to work productively without jeopardising any sensitive files and information.
Use virtual desktops
Explore the option of creating virtualised desktops to give employees a dedicated, secure workspace in which applications and files are automatically stored on shared drives. This enables IT to be managed centrally, in one place, so you can oversee activity and keep things protected and backed up. Look at enforcing MDM and endpoint security so that you are able to remotely wipe data from any lost or stolen employee devices.
How we can help
We have extensive experience in creating and maintaining this type of best practice for BYOD and beyond.
Our security team are experts in securing and maintaining modern work environments. Using our advanced Managed Security Service, you can mitigate threats while removing the hassle of maintaining a secure environment at work. Meanwhile, our Threat & Vulnerability Assessment, powered by Tenable Nessus, gives you an accurate picture of the security of your environment with specific actionable next steps and areas for improvement.
Case study: Blue Coast Capital
As a significant asset manager with interests in real estate, retail, entertainment and more, Blue Coast Capital is a privately-owned business with 110 employees. It wanted to improve its security posture and safeguard sensitive company data – so it was looking for a solution to proactively protect systems and data from cyberattacks, 24/7.
Transparity deployed our fully Managed Security Service to deliver best practice security for Blue Coast Capital’s environment, backed up by round-the-clock customer support. We took ownership of the entire security process, through detection, prevention and mitigation of security threats, working proactively to identify potential vulnerabilities and resolve them, while continually improving overall security posture.
The result for Blue Coast Capital is end-to-end security protection and assurance with access to our skilled SOC engineers alongside our Security Incident and Response Team. In 2021, our security team of specialists handled more than 2,000 events including 6 critical vulnerabilities impacting businesses worldwide.