Ensuring the Security of BYOD
BYOD (bring your own device) creates a security risk and an IT headache, but not for the reasons you think. Employees started to embrace BYOD long before organizations and their IT departments accepted it or even realized it was happening. IT departments are worried about security and compliance issues, rightfully so, but that shouldn’t stop them from putting a strategy in place to protect their organizations, users, and data. Your BYOD strategy must define support processes that employees have to follow in order to work from a mobile device within the corporate network. Security is a priority, so an organization must understand a few necessary steps to ensure your are protected. Define rules for accessing corporate applications, select acceptable apps and which are off limits, and require passwords and key locks if necessary. Organizations must also address acceptable user policies and implement tools that identify malicious breaches in order to stop them from being introduced into the enterprise.
Mobile security needs to expand beyond just the device in order to best protect your users and network. First step is to ensure each device is properly secured; which entails installing anti-malware, having a working firewall, use of strong passwords, lock-out procedures and remote data wiping if there are multiple failed login attempts. If you are using a cloud provider, it is imperative they offer centralized security when users are using mobile-based applications to access corporate data. Organizations that have users using their mobile devices for personal and corporate use, need to decide what type of strategy they want in place for these devices. Organizations may choose to use a hypervisor to separate personal from work data, but most organizations don’t differentiate on mobile devices. IT departments need to understand users will access data on their mobile devices personally, that they might not be permitted to do on the company’s network, therefore exposing that device and then your network when they reconnect, to outside risks. Regardless, remote wipe on all mobile devices that access company data should be a MUST!
Education is a piece of the puzzle that is often missed when discussing mobile device security. You are talking users of an organizations that may have zero technology background. They may barely understand how to use all the features of their phones and tablets, let alone understand the security risks mobile devices may have. If you are allowing a BYOD strategy within your organization, you must educate your users on the potential risks that they are facing with their devices. This should include explaining in detail the policies you are implementing, as well as directions and tell-tale signs they need to be watching out for. You also can’t assume that each user is protecting their own mobile devices, never ever assume this. Organizations need to protect these mobile devices, like they do every workstation within their business, or else they are exposing their network and data to great risk.
Cloud technologies should give organizations some piece of mind when it comes to the security of BYOD. There are companies that offer Security-as-a-Service cloud products to secure BYOD. There is also cloud-based anti-malware software out there as well that can scan data before it ever reaches a mobile device; the network is better equipped to handle threats, and the cloud offers a faster, more agile way of dealing with security threats. Using cloud services, organizations can respond faster if a device is lost by locking down or remotely disabling the device. They can also focus on how to encrypt information and find ways to authenticate both the end user and the device. Because let’s face it, even if you educate your users on the security risks, you can’t force them to be compliant. You have a responsibility to your business to take your security out of the hands of your users, and make it as fool proof as possible.
2W Tech is a Silver Microsoft Certified Cloud Partner and an experienced IT Consultant and would be happy to work with you to ensure your organization is protected and you have a strategy in place for BYOD within your workplace.