Managing the Security Risks of Bring Your Own Device Policies

Almost everyone owns at least one portable device, whether it’s a smartphone, laptop or tablet. The ubiquity of these devices has led to many businesses allowing employees to bring them to the office and use them for professional tasks. But there is a catch: the convenience of ‘bring your own device’ policies comes with an increased risk of cybersecurity threats. In this article, we look at what they are and what businesses can do to mitigate them.

Data Leakage

Data leaks are always a possibility when employees connect personal devices to company networks, whether they do so to access specific files, read their emails, or access sensitive information. Such leaks can stem from a device’s weak security or from the device being lost, stolen, or misplaced.

A typical way of mitigating these data leaks is mobile device management. Your IT team should be able to “wipe” any device marked as stolen to ensure no one can access any sensitive information it carries.

Another option is to use smart data provisioning. This means every device should have access only to the data and networks it requires and nothing more. If a device is somehow compromised, the attack is less likely to propagate to the rest of the network.

Malware

Most personal devices lack the robust security implemented on company-managed devices, which makes them more vulnerable to malware attacks. A user might, for example, download a malicious file or install a malicious app without thinking much of it and end up infecting the company’s network.

Businesses should provide adequate training to ensure employees protect their devices from such attacks. They can start by ensuring everyone completes a cyber security course and undergoes regular additional training, so that employees stay aware of existing and emerging risks and can avoid them.

Unclear or Insufficient Security Policies

Many companies are guilty of using vague terms like “avoid unsecured networks” in their policies. But what is an “unsecured” network? While some people may be able to infer what it means, many do not know precisely what it means.

It is up to the business to ensure its security policies are detailed, clear, and specific. The business should also have policies that protect against all threats, covering areas including:

  • Location tracking
  • Network connectivity
  • Single sign-on, lock screens, and passwords
  • VPN use
  • Regular device updates and patching
  • Mobile device management

Mixed Personal and Business Use

Having a bring-your-own-device policy means employees will use their devices for personal and professional tasks. A business cannot control whether an employee downloads an infected file on their device. Even when employees follow all protocols and avoid putting the device in vulnerable situations, you never know if someone else using their device will.

App segregation, where there is a strict boundary between personal and professional apps and data, can help with this. Additionally, employees should be encouraged to use a VPN and conduct regular file integrity monitoring to know if specific files are added or changed so the IT team can take action as soon as they are.

Bring your own device policies are great for many businesses that want employees to use the devices they are most comfortable with. However, they present novel cybersecurity challenges and expose businesses to threats they should know about. Businesses should also have measures that ensure robust protection if or when they embrace this policy.