Its gone from the latest IT trend in town to an almost expected way of life for any tech-oriented workplace, but what are the security risks to a BYOD culture?
Here, we cover the main threats and how to ensure protection.
BYOD: Too good to miss out on?
It’s pretty hard to argue with the benefits of implementing a bring-your-own-device (BYOD) programme into your business. After all, there’s the opportunity to save money whilst simultaneously increasing employee mobility, satisfaction and productivity -- sounds like a win-win, right?
Well, perhaps one area of the business that ends up on the losing side is the often forgotten IT department. If they didn’t have enough security concerns to balance on their plate already, then the ever-growing trend of BYOD is sure to make the workload tip.
Now, we’re not saying that BYOD should be immediately shunned by your business, we’re just wanting to point out that there are a huge number of threats that need to be addressed in a bring-your-own-device workplace.
"82% of companies let their employees use personal devices in the office"
Threat #1: Lost or Stolen Devices
Businesses often spend a fortune on the latest security technology to protect their data, yet, annoyingly, 1 in 3 mobile devices are either stolen or lost by their owner. If you take into account that less than 40% of users set up a password for their devices, then this is an easy access point for cyber criminals.
For most employees, our mobile devices are crammed with accessible corporate data that, if in the wrong hands, can cause a nightmare for our organisation.
Threat #2: Sketchy Apps
A shocking 97% of malware on smartphones stem from applications that are downloaded from un-trusted app stores. Combine this with the fact that BILLIONS of apps have been downloaded over the last ten years, then there’s a huge threat to your employee's devices.
These malicious apps have the potential to take control over the user’s mobile device, resulting in the possibility of surveillance, unexpected data or call charges, or loss of sensitive work information.
Threat #3: Infected Devices
As we become more and more exposed to mobile content, users start to become accustomed to “app fatigue” and the careless nature around mobile security. Ts&Cs will go unread, and so too will the excessive permissions that ask to be granted when downloading new content.
These actions all open the window to vicious forms of malware, especially ones that target old operating systems that have yet to be updated. Perhaps the scariest part of an employee's device
Threat #4: Mixing Business with Pleasure
With the world at their fingers, employees can often drift off for small portions of the day into a rabbit hole of non-work related websites -- whether it be for browsing or for online shopping. Then there’s also the risks of an employee loaning their device to a friend or using public Wi-Fi connections to save their data.
Because employees use their personal device for work and their own personal use there is always the risk of data loss, whether the device is stolen or the data is accidentally deleted this can cause great risk to a companies data.
If a BYOD is ever stolen or lost it isn't just the companies data that is a risk, its the owners personal data as well, either way a cyber criminal will be very happy to find an employees BYOD device.
Threat #5: Insider Threats
The problem with BYOD is it’s very difficult to locate insider threats. Employees will use their own devices to send data and information to colleagues, some employees might choose to keep this data to themselves.
Some employees will happily look for opportunities, they may use various methods of social engineering to obtain the company data. However, if their job role consists of dealing with data on a day to day basis they can access it whenever they wish.
Threat #6 Employee Human Error
Human error is inevitable, it cannot be predicted even though, at some point it will happen. Human error is a huge risk to companies that have a BYOD policy in place. Just losing your BYOD can open up so many security threats, such as a data breach, if a device ends up in the wrong hands, you have no control over the data on it.
"On average it takes 191 to identify a data breach"
Threat #7 Security is Outsourced on BYOD
Personal devices need updating just as often as work devices. It’s much easier to keep work devices up to data at the IT department has full control over them. Personal devices used in the workplace, such as mobiles and laptops are more prone to attacks. If the BYOD devices are out of reach from the businesses security team, the risk of a data breach dramatically increases.
Your Solutions: BYOD Security Awareness is Key
For all of these threats, there's one common issue that rings out: A lack of employee security awareness.
In this day in age, it’s vital that end-users are equipped with the security knowledge in order to combat the threats that technology can't.
Having sufficient BYOD policies that are included in your security awareness programme is a great starting point for strengthening security. Regular bite-sized training on issues like password security, the importance of updates, working remotely, and how to report lost or stolen devices are topics that can’t be overlooked for businesses.
-Changing your privacy settings
Privacy settings can be filters on applications and devices, always check your privacy settings to make sure you know what information can be accessed.
It’s a good idea to have your location services turned off and deny access to your camera. Personalise your privacy settings to your personal needs, this puts you in full control of what information can and can’t be accessed.
2- factor authentication adds another layer of security to applications and devices. There is a variety of authentication techniques to choose from.
A security question
Even if a cyber criminal gains access to your password, they will still need the other form of security to authenticate. An even more advanced option of security is MFA, this can be 3 or even 4 layers of security one of them being a password.
If you're wanting to get started on raising security awareness, then sign up for free access to our employee-focused cloud-based awareness modules that focus on a
wide-range of employee cyber threats (including the importance of BYOD security).
There are main advantages to BYOD however, there are also a great number of threats that can occur, Making sure your employees are aware of the risks and how to mitigate them is crucial. BYOD is becoming the norm in most companies, however, as BYOD is very convenient it also opens many doors for cyber attacks. Read this free guide on how to transform your end-users into a security asset.