Published on December 29th, 2019 | by Sunit Nandi0
Updated Mobile Security Tips for a BYOD World
The BYOD, or “Bring Your Own Device,” movement has taken over the workplace. Today, with the increasing popularity of remote working, more and more employees choose to work from their personal devices from a location of their choice, as opposed to working from an office computer. In fact, over the past decade, the BYOD market has grown tremendously. According to an article on Biztech Magazine, the BYOD market is estimated to grow upwards of 15% every year until 2022, from an already high starting value of $30 billion in 2014.
Considering the many benefits of the BYOD movement, these numbers aren’t surprising. From the convenience and comfort of using one’s personal device at work (or from a remote location) to companies themselves saving money by not having to purchase mobile devices for staff; the BYOD movement continues to be favored by most. To quote Biztech, “The majority of respondents to a Bitglass survey (85 percent) use their own devices at work.” While the allowance for BYOD may seem like a win-win for both employers and employees, there is one particular aspect of this movement that can yield more risk than reward: security.
BYOD and Mobile Security Threats
The rise of BYOD has obviously given rise to many opportunities for cybercriminals, often with devastating results. This is because mobile devices — be it smartphones or tablets — are susceptible to cyberattacks in a way desktops and business computers are not. An article by UAB’s Collat School of Business details the various threats that come alongside the use of mobile devices for work. These include malware, attacks as a result of gaining physical access to a device (through theft, loss, or leaving a device unattended), and even insider attacks by disgruntled employees.
BYOD and Mobile Security Protocols
With the potential of these major threats, allowing employees to use their own unsecured devices for work purposes is a risky proposition. Even so, employers choose to allow BYOD at most workplaces. Why? To quote information security architect John Carnes in an article on Security Boulevard, “Security, though, isn’t always the deciding factor. As is the case in most investments, cost often drives the final decision. Enabling BYOD can be more cost-effective for companies, making it a financing issue rather than an information security issue.”
Ultimately, it seems that the benefits often tend to outweigh the risks. Employers are able to save a lot of money by negating the need to purchase devices for employees — in fact, according to an article on Staffbase, employers can save more than $1097 per employee. BYOD also increases employee productivity, with studies showing that 49% of employees feel more productive when they’re using their own device at work. Additionally, BYOD allows for workplace flexibility, which in turn keeps employees happier and more satisfied with their jobs.
All these advantages combined make for high ROIs when it comes to BYOD. That being said, the risks that mobile devices pose can’t simply be ignored. For companies that allow for BYOD, the right security protocols must be put in place:
Acceptable Use Policy
Companies must have an acceptable use policy in place. This should clearly define what applications employees can use when connected to a work-related network on their personal mobile devices. Companies should also recommend installing two-factor authentication protocols on all personal devices as a primary safeguard against theft or loss of a device. While this can’t be forced upon employees, most employees should understand the need to protect their own data and be more than willing to install this advanced security measure.
Additionally, the acceptable use policy should also cover how devices are allowed to be used during business travel. Traveling means that devices are often connected to unsecured networks, putting company data at even greater risk. To minimize cybersecurity risk during business travel, insist that employees follow basic safety protocols. These include avoiding public WiFi networks and disconnecting from WiFi networks as well as Bluetooth functionalities when they are not needed. Additionally, ask employees to use VPNs for increased safety.
As defined by experts at AT&T Cybersecurity, containerization is “an evolution of virtualization.” Traditionally, “virtualization requires entire “guest operating systems” to be deployed on a hypervisor or host operating system.” However, containerization fixes this problem by allowing for only a particular application and its dependencies to be virtualized. Essentially, containerization allows employees to see work-related data only in a very specific environment designed by the employer. Within this environment, the employer also has access to the mobile devices’ work-related data (without being able to view personal data).
The main advantages of containerization are that all employer-employee interactions happen in a “contained” and encrypted environment, greatly reducing the risk of a hack or cyberattack. Additionally, in the event of mobile device theft or loss, employers can remotely wipe the “work container” from the employee’s device, securing their own assets. Containerization is an efficient mobile security measure and should be thoroughly considered by employers that allow for BYOD.
One of the best ways to secure personal mobile devices against external threats is through educating the employees themselves and creating awareness about cybercrime and cybersecurity. One way to do this, as recommended by Washington State University, is for senior leadership to take the lead in developing training programs that teach employees how to identify various hacking attempts. Employees should be well-versed in spotting rogue links, fake programs, suspicious apps, and illegitimate emails. Widespread awareness amongst employees is a necessary safety measure and can provide an additional initial layer of safety.
Even with its risks, BYOD is here to stay. It’s important that organizations are aware of the various threats a BYOD policy can pose so that they can implement appropriate security measures to keep company assets and data safe. Thus, businesses should keep updated on new trends in cybersecurity, and subsequently, cybercrime. Ultimately, businesses must stay vigilant and inculcate robust security protocols so as to thrive in today’s connected world.