Risks of BYOD in Enterprises
The age of the mobile workforce is here. With an influx of mobile devices into virtually every aspect of our private lives, employers have come to the realization that they cannot prohibit the use of mobile devices for work-related purposes. Corporate IT dealt with the situation by introducing BYOD (Bring Your Own Device), where employees are allowed to bring their own devices to the workplace. A survey conducted by Cisco in 2012 revealed that, out of the 600 companies and over 1,000 employees interviewed, 95% of IT departments allow employees to use personal mobile devices in the workplace.
It goes without saying that mobility within the workplace has led to increased productivity by providing convenient access to enterprise systems and data. However, the introduction of BYOD has also obliterated what is left of the increasingly ineffective corporate network perimeter. IT admins now have to deal with a myriad of security challenges and implications. So the question remains: do the benefits of BYOD outweigh the risks?
“BYOD is not all about benefits; it comes with great risks that if not taken into account during implementation, can turn out to cause more issues than it solves”
Alexandru Catalin Cosoi, Bitdefender’s Chief Security Strategist
Below are some of the risks associated with BYOD:
Vulnerable Mobile Devices
Every time a new personal device is connected to the corporate network or is used to access enterprise data, the security risk expands. This cannot be avoided in BYOD deployments. Since a wide variety of devices are being used, the security controls that were initially applied to a single device now have to be applied to a horde of operating system and hardware combinations. These variations throw any hope of effectively implementing basic security controls out the window.
The most common risks related to vulnerable mobile devices include:
- Mobile devices can easily be stolen or misplaced
- It is very hard to secure a mobile device once an attacker has physical access to it
The smartphone industry is largely driven by mobile applications. Although apps help us make use of our smartphones’ capabilities, they also increase security risks in the enterprise environment. Most people who use their own devices in the workplace also use the same device for their personal errands, which presents the risk of malware. Of the many apps available, some contain security holes and malicious code.
Malware may also arrive in the form of e-mail attachments or dubious links. With mobile malware and viruses on a steady rise, the BYOD trend has become a target for malware writers.
Fraud and Phishing
Fraudsters have also found ways to exploit BYOD and are targeting employees. Phishers and fraudsters go as far as creating fictitious online casinos, shops, conference websites, and banks from scratch. Their attacks tend to be small but repetitive. Shopping online with devices used for both personal and work purposes poses a grave security risk for enterprise data.
Mobile devices are used outside the firewall
The mobile workforce is more productive because it works on the go; employees achieve this by using their mobile devices to access work systems and data outside the bounds of the organization’s firewall. If an employee connects to an insecure network, attackers can gain access to the corporate network via the employee’s device and browse through consumer data or corporate files.
Ineffective management of the mobile environment
The main area where BYOD falls short is the management of the mobile environment. IT admins are tasked with maintaining an accurate inventory of the mobile devices being used, keeping mobile software up to date, and supporting the rising number of mobile device variants. Smartphones have the most fragmented operating systems, which means that phones without corporate security controls or with unpatched OS versions are highly vulnerable. In the consumer space, device turnover and evolution take two to three years; IT departments can find it difficult to identify connections from more recent operating systems.
The security of a network largely depends on the users. Unfortunately, IT admins are regularly faced with corporate cyber-attacks, data theft, and malware attacks that are brought about by users. Even IT employees can succumb to human weakness, especially those who stand by the notion that their work ends at installing firewalls. Employers should ensure that every worker has been trained on the best data security practices.
Security measures like the use of strong passwords and constantly changing passwords may seem basic but are very important practices. Before deploying BYOD, the IT department must make sure there is a BYOD policy employees can use as a guideline.
The mobile workforce cannot be ignored. Provided it’s properly deployed and effectively monitored, BYOD has the potential to take an organization to the next level. Before deployment, a comprehensive and thoughtful policy that both addresses and acknowledges the various risks should be developed.
Author: Gabriel Lando