BYOD and the security risks to businesses

13/01/201613/01/2016 Sandi

Technology research and advisory company Gartner defines Bring Your Own Device (BYOD) as ‘an alternative strategy allowing employees, business partners and other users to utilize a personally selected and purchased client device to execute enterprise applications and access data. Typically, it spans smartphones and tablets, but the strategy may also be used for PCs.’

There’s security issues we should be concerned about. If just one vulnerable employee gets hacked by an outsider, say the business’ competition, they may access the files on his/her device. They may also be able to get his/her contacts.

This manipulation can be as easy as sending an email with a virus. As long as the vulnerable employee uses their device to contact other people, they can pass on the virus and infect the entire business network, making more information privy to hackers.

What can businesses do?

1. Invest in an IT department/person to check the network and ensure nothing looks odd. They can set up firewalls that prohibit devices on the network from running certain applications or sites that could possibly bring in malware. These applications may be third party types that come pre-infected and may access sensitive data stored on the device including that of the company without warning the owner. The firewalls can also stop other PCs outside the company from accessing the PCs inside on the company network.

2. Mobile device management (MDM) systems can be run to monitor devices remotely by one trusted employee, preferably in the IT department, to ensure that employees’ devices are not under any attack. The problem with this system is that you need the consent of the owner who may not feel too comfortable having their device monitored by the employer so many may refuse to have it installed. They might opt to use company devices at work but they’ll still likely hop on the wireless network from time to time while the employer is not watching.

3. Claim your data rights and remind staff that all data about the company on their devices remains the property of the company even if they leave. They have no rights to distribute it or leak it as they would face the law for that. This is useful for disgruntled employees seeking revenge after being fired/retrenched.

4. Train your employees on remote device tracking and locking, incase their device is ever lost or stolen. They can lock their phone and protect the data on it from falling into the wrong hands. Pins and passwords on the device can be

It’s hard to track all the data flow between devices, and BYOD faces another security risk when owners use the devices on other networks outside the office. Anyone else on the network with hacking skills can get access to that device and steal important information. Encourage your employees to get updates for the latest operating systems on their devices as well as applications that provide reliable security and or encryption features.