BYOD can be a cost saving measure for businesses and a great freedom and flexibility tool for employees, but there are a few things you...
There is a new trend emerging in offices and businesses all around the globe known as BYOD (Bring Your Own Device). A recent study from Cisco states that 78% of knowledge workers in the US already use a mobile device (smartphone, tablet, laptop) for work purposes and 44% of workers view an organization in a more positive way if they support employee owned devices (Tweet this!). BYOD has been touted as a great cost saving measure for businesses and a great freedom and flexibility tool for employees, but before you get involved there are a few things you should be aware of.
Related: Get quotes from VoIP phone service providers.
The "End Node" Problem
Since BYOD devices are accessing data on both secure networks, like your corporate intranet, and insecure networks, like the internet, they are at risk to what is referred to as the end node problem. This basically means that the device is not managed to the security standards that are in place for most of the other devices on the secure network and thus can "cross contaminate" the secured business network. Think of it the same way as working with food in the kitchen, you can't use the same knife to cut raw meat and then chop vegetables, this would put the vegetables at risk for bacteria from the meat.
The same rules apply, when accessing insecure networks the device can be compromised by many attack vectors including out of date software, weak or lacking security tools, mis-configurations, insecure content and apps, etc. Some of these issues can be addressed with MDM (Mobile Device Management) Software Suites that will monitor the employee owned devices to make sure that they are meeting a minimum level of security. It's also a good idea to implement a BYOD policy to require that certain minimum security standards are met or the device is not allowed on the company network.
Related: BYOD: Does Mobile Anti-Virus Work?
Loss or Breach of Sensitive Data
Loss or theft is common among small easy to nab and often sought after high tech mobile devices. The newest Android or Apple gadgets make great targets for thieves and these devices go missing frequently due to their concealable size. Mobile device security and accessory company, Kensington, noted in a recent study that a laptop is stolen every 53 seconds and 70 million smartphones are lost or stolen annually with only 7% recovered (Tweet this!). When a mobile device goes missing sensitive company data or access to company networks often go with it. Since many users are lax with security on their personal devices a thief can quickly have access to the employees email, documents, and potentially connect to your secure corporate network via saved passwords.
Theft and loss aren't the only risks either, unsecured wifi networks like airports, hotels and coffee shops can be easy targets for data theft, especially since employees often use them when on the road. A malicious user can capture data packets sent over the network and reconstruct them into email, documents, passwords, etc. The same Kensington study also estimates that 80% of the cost of a lost laptop is attributed to the cost of data breach. A single user could account for millions of dollars in damages to your company depending on the data that got out, if it resulted in a lawsuit, for example.
BYOD Is Probably Happening Already
One of the biggest challenges with BYOD is that it is extremely difficult to police and prevent, most likely your employees are already bringing their own devices and you may not know it. If you have a wifi network in the office your employees most likely know how to access it and one of the first things they probably do is connect their smartphones to the network. Now you have an insecure device inside your network and you may have never even considered the implications. A good solution for this scenario is to create separate wireless networks for secure and insecure devices. Many modern off the shelf routers and nearly all enterprise grade wireless networking equipment has the ability to present one network for known devices that can access other internal devices securely and a second network for unknown employee devices that can only reach outside to access the internet.
Even if you secure your internal network from BYOD there is still a very good chance that business email is being accessed on employee's mobile devices. Litmus reports that as of June 2013 44% of all email is opened and read on a mobile device. This means that sensitive internal communications are still likely happening on insecure devices and there is potential to deliver malware from an infected employee device to another employee inside your network. This is an extremely difficult scenario to protect against since these days most businesses expect their employees to be paying attention to and responding to email outside of regular business hours and as such can't limit use to work computers.
BYOD is all but guaranteed to be here to stay so your best bet is to adapt and make the most out of it. Implement a BYOD policy to let employees know what level of security you expect them to maintain on their personal devices and put clear rules in place as to what is not allowed. Create a segmented wireless network so they can access the internet, but not secure locations on your business network. Help to enhance security by education employees about securing their devices with strong passwords and alerting you immediately if they're lost or stolen. Following these suggestions will help you to be as safe as you can be in the new world of BYOD.
(Image: adamr via freedigitalphotos.net)