BYOD: 8 ways to protect your company network from unsecured devices

Threat Intel
5 min read · Jun 7, 2017

Welcome to Threat Intel’s #WednesdayWisdom column, which aims to help improve your cybersecurity knowledge and keep you informed on important developments.

Bring-your-own-device (BYOD) is a practice that has grown in popularity in recent years, and is now an accepted policy in many companies and organizations.

BYOD is the practice of allowing employees to use their own computers, smartphones, and other devices for work purposes.

The arguments in favor of allowing employees to use their own devices for work are that it is more convenient for them, and means they are not tied to working in the office. They can work from home, and even while traveling.

Using personal devices can make it easy for employees to work when outside the office, and even when traveling.

However, allowing employees in your company to use their own devices for work purposes is also a risk. It may mean that employees attempt to access sensitive company information through unsecured Wi-Fi networks, or they could potentially expose the company network to malware or other nasty infections if any of their personal devices, which may not have the same security as corporate devices, become infected.

Despite these risks, many companies do not have specific policies in place when it comes to BYOD. This is not a good idea, as BYOD is a growing area.

It has been predicted that the BYOD and enterprise mobility market size will grow from $35.1 billion in 2016 to $73.3 billion by 2021.

A survey by Tech Pro Research in 2016 found that 59 percent of companies allowed personal devices to be used for work purposes, while another 13 percent planned to allow it in the following 12 months after the survey took place.

So, with it clear that BYOD is only set to become a more common practice, it is important that organizations take steps to ensure their network is safe from potential security vulnerabilities in employees’ devices.

Here are some steps employers should follow to keep their company safe…

1. Have a policy in place

Ignoring the fact that employees will use personal devices for work purposes won’t stop them from doing it. Smartphones and tablets are ubiquitous, so regardless of company policy, the chances are high that an employee will want to access their work email, at the very least, from a device of their own.

Create a BYOD policy and include it in a handbook for new employees or on the company’s intranet so that all employees are aware of what is and is not acceptable.

Make sure the policy is kept up to date as new technologies and work practices come on stream.

2. Know the devices employees are using

Oblige employees to register any personal devices they may be using for work-related activity with the company’s IT department. Prompt employees to keep this list updated so that, if they sell or stop using a device, any permissions that may have been granted to it can be revoked and any company-related data deleted.

3. Remind employees to enable 2FA

Two-factor authentication (2FA) should certainly be required to access any sensitive company data or information, but a company should also remind its employees to enable 2FA on any personal apps or online accounts they have where it is available. This reduces the chances of a hacker successfully gaining access to something like a personal email account that may result in them obtaining information that could allow them to access the individual’s work device or accounts, and subsequently the company network.

4. Require access by VPN

One of the easiest opportunities for hackers to spy on individuals’ internet activity, and potentially harvest information from them, arises when people use unsecured Wi-Fi networks in places like hotels, airports and coffee shops. One way to ensure that employees don’t reveal sensitive company information while using these unsecured networks is to require that they access certain company services via a virtual private network (VPN). A VPN offers a secure, encrypted connection, keeping the information you send online safe from prying eyes.

5. Educate employees

Ensure that employees understand the risks that the use of personal devices on corporate networks can present for companies. Explain why you are doing things like requiring they use a VPN to access certain resources, and why they must inform the company when they change devices. If employees understand why they are being asked to follow certain rules, there is a greater chance they will comply with them.

6. Enforce password protection

Require that employees secure their devices with a password-protected screen lock when they are not in use, in order to prevent anyone from snooping on an employee’s device.

7. Install mobile device management software

Mobile device management (MDM) software allows a company to secure its data when a device is lost, stolen, or improperly passed on to a new owner. Generally, a device owner must authorize MDM, and through it grant a number of permissions to the company’s IT department. MDM software allows IT departments to remotely wipe the device of any company-related activity, and some MDM software can even allow the IT department to reset the device to factory settings or wipe its hard drive entirely. The permissions and capabilities of a company’s MDM software should be clearly outlined to employees before they are asked to grant it permissions.

8. Protect all devices

Ensure all devices that access company data (corporate devices and personal devices) are adequately protected with decent security software and antivirus programs.

Check out the Security Response blog and follow Threat Intel on Twitter to keep up-to-date with the latest happenings in the world of threat intelligence and cybersecurity.

Threat Intel

Symantec’s Threat Hunter team brings you the latest threat intelligence from the IT security world.