BYOD or Bring Your Own Device is a popular option for many businesses since it allows employees to manage their own work-life balance. Employees have more flexibility to complete work wherever or whenever it is necessary throughout their day. Businesses also can save money by allowing their employees to pay to keep their technology working well. Although BYOD has benefits, there are also security risks to consider. BlueKey IT can assist with security policies to address BYOD Security Risks Concerns and Solutions.
BYOD Security Risks Concerns and Solutions
Data loss on a stolen device
Concern: Data Loss is one BYOD security risk. Devices are extremely portable which is one of their benefits. Taking a device somewhere though also increases the chances that it will be lost or stolen. If the password is then discovered after being stolen, the phone’s data and the cloud software with the company data that it accesses can be accessed and compromised.
Solution: Ensure that the company can be remotely wipe a device clean in case it is lost or stolen. Then if the phone is stolen, the data on it can be removed before the data is compromised. Make sure each account utilizes multi-factor authentication. This way even if the password is compromised a second layer of security is in place to stop data loss.
Spyware
Concern: Employees will download non-authorized apps that could potentially contain spyware. Spyware is a BYOD security risk for the business and also the employee’s personal information. Spyware can be difficult to detect since it does not necessarily change the way a device behaves. Instead it watches each action as it happens. So when a user logs into a bank account, the spyware gathers the username and password along with bank information. Another user can then use the information to access the account. When an employee logs into the company’s cloud software on the device, the spyware can gather the username and password. Later another user outside the company can access any information kept within the software (patient data, client credit cards, architectural plans, etc.).
Solution: Businesses can implement enterprise app stores that limit the available apps on the device. Education is also key. Informed employees can decrease BYOD security risks by downloading approved apps only or by learning the benefits of reading the terms and conditions of each app. This is necessary since some app developers include other potentially dangerous software with the download of an app. The spyware can be in the terms and conditions and download with the application if the employee does not read the terms and conditions. Educate employees to avoid many types of spyware that can put business data at risk.
BYOD Security Policies
Any company that decides to implement BYOD, needs to implement a security policy. Include the following:
- Mandatory antivirus protection
- Secure firewall settings
- Automatic updates for all software and operating systems (need article about keeping OS updated for security)
- No jail broken phones-if a phone has been broken, it is susceptible to malware. Once the malware is in the phone it can view the data in banking apps and password keepers. It can also have issues with crashing.
- Password complexity (need article on Password complexity)
- Multi-factor authentication for all accounts
- Use a VPN to connect to the network
- Mobile device management (remote wipe if lost or stolen)
- Work permissions- decrease the amount of access to company data as appropriate. Then employees access only the information necessary for their position and limit the potential loss.
Minimize BYOD security risks with these solutions. It is important to consistently educate employees about new risks and ensure security policies are understood and followed. A good IT support company like BlueKey IT can set up, maintain and troubleshoot issues to assist the company so it starts the program without as many BYOD security risks.