Balancing Endpoint Security With BYOD
By Jackie Roberson
These days, businesses are founded on policies of BYOD. Startups and small businesses see the benefits of avoiding the expense of corporate tech and taking advantage of their personal tech–laden workforce, so instead of amassing a fleet of servers, computers, and office phones, they encourage workers to bring their own. Employee productivity is enhanced dramatically; workers feel more comfortable and confident using their devices, and they can accomplish work-related tasks from anywhere at any time.
BYOD is advantageous — but it is also dangerous. Those same businesses that most gain from BYOD policies are also becoming primary targets for cyber criminals, who use the relative insecurity of smaller organizations to steal valuable data. Thus, for businesses to use BYOD effectively, they need to be certain of the network’s security — which means focusing on endpoints.
Common Threats With BYOD
BYOD policies are relatively new; only within the last 10 years has technology advanced enough to provide workers the mobility they need to bring devices from home. Still, in that time, cyber security experts have identified the primary risks associated with BYOD, which include:
Devices disappear all the time. A worker might leave a smartphone on public transit or be burgled of a laptop at a coffee shop. Device loss is common, but for businesses, it can be disastrous. Rather than hacking through well-protected networks, criminals need only take data the old-fashioned way: physical theft. It is relatively easy to bleed a device of its valuable information when it is in a criminal’s physical possession.
The Apple App Store has yet to offer a corrupted app, but the Google Play Store and dozens of third-party app providers have allowed thousands of infected apps onto users’ devices. Malicious applications are just as dangerous on mobile tech as they are on computers; through this mobile malware, cyber criminals can do nearly anything with the infected device, including gain access to business networks and data.
A confusing message, a suspicious link — phishing is an old trick in cyber-crime, but it still works. End users are consistently the weakest link in security, regardless of whether they use computers or mobile devices. Though many businesses implement security solutions to filter out phishing attempts, they typically only do so on company devices. Meanwhile, employees’ personal devices remain vulnerable to attack.
Compared to PCs, which have existed for nearly half a century, mobile devices are relatively untested. Plus, new mobile tech emerges every year. In recent months, Apple has been criticized for its record number of vulnerabilities, and other mobile tech, such as IoT devices, are notoriously insecure. This means there is a greater chance for developers to overlook vulnerabilities that make targeted attacks on devices (and businesses) successful.
BYOD Endpoint Security Best Practices
To avoid these common mistakes, business leaders need to devise strict rules regarding BYOD at their organization. An ironclad business network is of little use to the mobile workforce, who connect with and use business data from devices and networks around the world. Thus, endpoint security is a vital element of any BYOD policy. Here are the most important considerations for protecting endpoints within BYOD:
Centralization and Consolidation
Not all endpoint solutions are compatible with all types of mobile devices. Business leaders can mandate that only certain types of devices are eligible for BYOD, so they can ensure visibility and security of all connected devices.
Businesses should consider their security needs as they develop policies to keep devices and data safe. For example, compliance is a primary concern in many industries; using risk and compliance solutions on endpoints might be critical for adequately protecting sensitive information. Additionally, BYOD policies should provide a structured response for different disaster scenarios, such as lost devices or terminated employees.
Does a policy exist if it is not enforced? Rules themselves do not protect a business; it is the active execution of BYOD rules — to include penalties — that keeps cyber criminals out. Business leaders may need to employ tech tools to enforce their policies. For example, if one OS is prohibited, devices running that OS can be fully blocked from connecting to business data with appropriate network software. It should go without saying that employees who defy the BYOD policy should no longer be allowed to participate in the BYOD program.
Regardless of whether a business allows BYOD or not, it should place employee security training as a high priority. While software solutions help keep a business secure, there is no replacement for a workforce that can recognize and avoid threats. Whether they are using corporate PCs on the business network or connecting to coffee shop Wi-Fi on a smartphone, workers should be trusted to keep the business secure.
About the Author:
Jackie is a content coordinator and contributor that creates quality articles for topics like technology, business, home life, and education. She studied business management and is continually building positive relationships with other publishers and the internet community.