Bring-your-own-device policies have remade enterprise IT in the last decade, as professionals have been empowered to use their own smartphones, tablets, and laptops to work with company data. With 83 percent of employees regarding their mobile devices as more important than a cup of coffee in the morning, it's not hard to see how BYOD can do wonders for worker satisfaction and morale.
But organizations have to be smart about BYOD, because the practice can also amplify risks to company assets via leaky, unsecured apps and opportunities for data theft. Here are five things to know about today's leading BYOD vulnerabilities and why you should address them with solutions from Powertech.
1. Mobile Devices Can Become Conduits for Malware Distribution
Smartphones and tablets generally don't contain the anti-virus, data backup, and basic security measures that come standard on many PCs. For example, last year, a study from McAfee found that 30 percent of mobile users don't use password protection.
In the absence of robust defenses, devices can turn into funnels for malicious content distributed through the internet, especially if the enterprise lacks an adequate monitoring solution. Threats such as ransomware have shifted from PC to mobile in recent years, while becoming more sophisticated through the use of strong encryption of stolen files. Strong network security is now paramount.
"Accessing internet content without anti-virus or basic security precautions, which aren't found on mobile devices, could infect the device and compromise [your] own personal data, and [the] organization's network which [you] traverse when bringing it into the company's ecosystem," J.D. Sherry of Trend Micro recently told Bank Info Security.
2. Employees May Feel Inclined to Skirt Sound IT Practices
In theory, securing BYOD need not be difficult. But in practice, enterprise security teams have to deal with employees who may work around restrictions on devices and apps.
More specifically, 2013 research from Acronis and the Ponemon Institute found that two-thirds of companies didn't have policies governing usage of public cloud-backed services such as Dropbox, which are popular among consumers but unsuited to the storage and transmission of sensitive data. Similarly, many organizations make policy exceptions for executives, creating inconsistencies in security implementation.
3. A Lost Device Can Become a Liability
Compared to PCs, mobile devices are upgraded much more frequently and are highly prone to being stolen or misplaced. About 22 percent of all smartphones and tablets will be lost at some point, half of them without ever being recovered.
When a device goes missing, it can be a gold mine for anyone who recovers it. Since many endpoints are not protected with a passcode or enabled for remote wipe, they may leak data.
4. BYOD May Heighten Compliance Risk
A device may store privileged information alongside personal documents and photos. Without separation, assets can become intermingled and put enterprises at risk for lapses in compliance.
With BYOD, organizations may end up giving employees the benefit of the doubt in properly tracking data, or rely on a third party to do so. Neither approach is as good as using an endpoint security suite to keep tabs on traffic and data exchange.
5. There's an App for That, and That's Not Always a Good Thing
Mobile apps, especially popular ones, have myriad vulnerabilities, including ad networks and location tracking, that are present even if the software doesn't contain actual malware. Many apps also request extensive device permissions, meaning that they can interact with locally stored sensitive data.
Employees who use unapproved apps are putting the company in danger from surveillance and data theft. Blacklisting/whitelisting, anti-virus software, and strong authentication solutions can help mitigate these risks.