How To Implement Mobile Device Security For Your Employees’ BYOD
In this post, we describe the risks of using personal mobile devices in the workplace and offer solutions for managing that risk.
Mobile Device Use
Today, employees frequently bring their computing devices such as smartphones, laptops, and tablets to the workplace for use and connectivity on the corporate network. They also use their devices on the road for a variety of tasks including checking the status of customer orders, photographing and recording site visits and equipment, and emailing, texting and video calling.
Employees want and need the convenience and flexibility of using their mobile tools at work and on the go so they can connect as required. And they don’t want to carry separate devices for work and personal use.
The practice has become so familiar it has earned an acronym – BYOD, for Bring Your Own Device.
Mobile device use in business, whether on personal or business-purchased equipment, is excellent for productivity but comes with significant risk to your company’s confidential data.
One of the most significant risks is loss or theft of the mobile device.
According to statistics from a Kensington study:
- One laptop is stolen every 53 seconds.
- 70 million smartphones are lost each year, with only 7 percent recovered.
- 4.3 percent of company-issued smartphones are lost or stolen every year.
- 52 percent of devices are taken from the office/workplace, and 24 percent from conferences.
The ensuing risk to the company’s confidential data is staggering and the greatest worry for IT, security, and risk managers.
Securely managing laptops, tablets or smartphones is at the top of their priority list today.
The Kensington study also reveals that the costs associated with the loss or theft of mobile devices (laptops, tablets, and smartphones) are significantly higher than the value of the device itself. Additional losses include:
- Employee productivity.
- Intellectual property – 80 percent of the cost of a lost laptop is from a data breach.
- Network breach costs include legal and financial implications.
- Customer confidence and loss of business.
- Business downtime.
What are the main security risks of BYOD?
- Exposure or leakage of data during transmission
- Physical loss of the device and resulting data loss
- Unsecured Public WiFi: Access to WiFi is convenient and becoming widely available in public places; however, devices your employees use are vulnerable to attacks sent through these networks.
- Unauthorized use by friends or family of tools used for business applications.
- Malicious apps: Smartphones are particularly susceptible to application-based threats. Third-party apps can be rife with spyware and malware that quietly infiltrate your system and steal both personal and corporate information. Apps innocently downloaded from third-party app stores are often culprits.
- Operating system security customizations: Users who root, unlock, or jailbreak their devices to remove vendors’ configuration restrictions expose the data on those devices.
1. Encryption for access and data exchange
Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as ciphertext. If your device is encrypted and it is stolen, it is virtually impossible for the thief to access your data without the encryption key.
2. Mobile Device Management
Mobile device management (MDM) is security software used by IT departments to monitor, manage and secure employees’ mobile devices even if they are deployed across multiple mobile service providers and various mobile operating systems used in the organization. When combined with additional security services and tools (such as Mobile Application Management) it creates a complete business mobility management solution.
3. Employ user training and awareness regarding passwords, updates, and logins:
- Require employees to create strong, unique passwords for every new account they create on their mobile devices.
- Default login settings should never be used for employees’ accounts. Private, password-protected data can’t be hacked, even if their phone is.
- Make it a requirement that employees update their device’s software regularly. Regular updates patch known vulnerabilities and help protect their devices against the latest spyware threats.
4. Two-factor authentication (2FA):
Require employees to set up 2FA, which is a way of adding additional security to an account. The first “factor” is the usual password that is standard for an account; the second is a code retrieved from an external device such as a smartphone, or a program on their computer.
5. Use an encrypted USB drive:
Encrypted USBs, which are password protected, add an extra layer of security to sensitive information that is shared across the business.
Hardware-encrypted USBs are more secure, as the encryption is not purely software-based and therefore cannot be hacked easily.
6. Develop recovery protocols for lost, stolen, or compromised devices:
Protocols should include immediate notification of the loss to the business IT department, or whoever is in charge of client data.
Most devices come with remote access to delete or transfer information, so check that employees know how to access the “find my device” feature and, if necessary, activate a remote wipe.
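The measures above can be checked automatically against a device inventory. The sketch below is an added example, not part of the original post or of any MDM product: the inventory fields, the 60-day update threshold and the action names are assumptions, and the sample devices are constructed.

```python
from datetime import date

# Constructed sample inventory; field names are hypothetical, not an MDM schema.
DEVICES = [
    {"owner": "alice", "encrypted": True, "mdm_enrolled": True, "rooted": False,
     "two_factor": True, "last_os_update": date(2024, 5, 20), "status": "in_use"},
    {"owner": "bob", "encrypted": False, "mdm_enrolled": True, "rooted": True,
     "two_factor": False, "last_os_update": date(2023, 11, 2), "status": "in_use"},
    {"owner": "carol", "encrypted": True, "mdm_enrolled": True, "rooted": False,
     "two_factor": True, "last_os_update": date(2024, 5, 28), "status": "lost"},
]

MAX_UPDATE_AGE_DAYS = 60  # assumed policy threshold


def evaluate(device, today):
    """Return the policy findings for one device (empty list = compliant)."""
    findings = []
    if not device["encrypted"]:
        findings.append("storage not encrypted")       # measure 1
    if not device["mdm_enrolled"]:
        findings.append("not enrolled in MDM")         # measure 2
    if device["rooted"]:
        findings.append("rooted or jailbroken")        # OS customization risk
    if not device["two_factor"]:
        findings.append("2FA not set up")              # measure 4
    age = (today - device["last_os_update"]).days
    if age > MAX_UPDATE_AGE_DAYS:
        findings.append(f"OS update {age} days old")   # measure 3
    return findings


def decide(device, today):
    """Map a device to an action; lost or stolen devices go to recovery first."""
    if device["status"] in ("lost", "stolen"):
        return "notify IT and remote wipe"             # measure 6
    return "block corporate access" if evaluate(device, today) else "allow"


def report(devices, today):
    """Return {owner: (action, findings)} for every device in the inventory."""
    return {d["owner"]: (decide(d, today), evaluate(d, today)) for d in devices}


if __name__ == "__main__":
    for owner, (action, findings) in report(DEVICES, date(2024, 6, 1)).items():
        print(f"{owner}: {action} {findings}")
```

A lost device is routed to recovery even when it is otherwise compliant, because encryption and 2FA do not remove the need to notify IT and wipe it.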
Is it worthwhile for an SMB to allow BYOD?
Given the list of challenges and risks, a business owner may not want to allow employees to use their own devices for work, but realistically, the practice has benefits.
A study conducted by Cisco demonstrated that not only do business owners save money by allowing employees to BYOD, but the employees also benefit from increased productivity that translates into a personal financial boost.
Given the prevalence and popularity of the practice, employers who embrace BYOD have more control over their employees’ device use when they implement a comprehensive BYOD policy and security protocol.
How secure is your network?
No one can guarantee you’ll never suffer a security breach. However, our team stays up to date on the latest security threats, has years of real world experience and training and will do everything we can to make sure your network is as secure as possible. Cyber-threats may be evolving, but we are too. Evolve with us at Netcetera to avoid becoming a victim.