Employees bring their phones, laptops, and tablets to work every day. While there are rewards associated with bring your own device (BYOD) policies, like cutting costs for companies and increasing employee productivity, there are also risks.
BYOD carries vulnerabilities, such as enabling malware to travel further because the divide between work and home is essentially obliterated. These devices can not only be hacked, but also can also be misplaced, lost, or stolen. Since employees use these devices for work, imagine how quickly the costs and security risks associated with lost devices can add up for the enterprise.
BYOD drives increased exposure to malware and infections due the enterprise’s IT and InfoSec team’s having lack of control and visibility into personal devices. Consider scenarios around data leakage. For example, depending on the financial success and market footprint of a company, there’s generally top client lists shared internally. And when competition arises, another company may use a hacker to access this list. This is becoming more common. Once they access an employee’s email account, a simple search for e-mail addresses linked to one of those clients can expose sensitive communications and contacts.
A recent report from Markets and Markets found that the enterprise BYOD market is estimated to grow from $35.10 billion in 2016 to $73.30 billion by 2021. With that said, security of confidential company information should be top of mind for companies who embrace BYOD into their workplace.
Five BYOD Security Tips For Keeping Employees’ Mobile Devices Safe
- Use password protection. Require employees to activate screen locks, to password protect devices, and to wipe history clean after failed login attempts.
- Avoid free Wi-Fi hotspots. Free Wi-Fi hotspots are not firewalled. Public Wi-Fi hotspots are normally not safe enough to access personal or business information while on your device. Once employees know this, they should use their company-secured VPN or virtual private network software.
- Be tech aware. Show and continually educate employees on how to recognize phishing scams.
- Avoid unknown email address. Employees should not trust a sender who poses as an individual claiming to be a part of the board of directors or the CEO.
- No "rooting" or "jailbreaking." Employees should not “root” or jailbreak the system of their personal mobile device. Tinkering with factory settings on a personal device opens it up to viruses and can prevent the device’s operating system from functioning properly.
Mobile Device Management Protects Sensitive Company Information
Mobile Device Management, or MDM, is software that can offer additional BYOD security for any type of mobile device, whether for business or personal use. With MDM, if a mobile device is lost and someone other than the rightful owner enters the passcode too many times, the device will lock down. It can also delete critical information. In addition, MDM software offers firewall protection, encryption, and security policy enforcement. MDM acts as a monitoring system and enables remote configuration to ensure that your organization’s best practices are maintained. A smart BYOD policy discourages employees from removing MDM software, and it should be made clear that doing so violates the company’s security policy.