Most businesses have thought about securing their network against outside attack from hackers and malicious code but there’s an even bigger risk, and it comes from within.
The use of Bring Your Own Device policies has increased massively in recent years and with over 3 billion smartphone users around the world, it is a rare company that doesn’t have most of its employees using a mobile device.
The problem is that with so many mobile devices now in use, there is a large opportunity for cybercriminals to exploit any vulnerabilities in the BYOD environment.
So let’s look at the reasons why you may not want to allow users to connect their own devices to your network and what you can do about it.
Most companies have a large amount of data. In some cases, this will just be business data but in others, it will be customers’ personal or sensitive information.
The problem with people using their own laptops, tablets or mobile phones is that they can download that data and then wander off to an insecure location.
The first security issue with mobile devices then is that they are just that – mobile.
Whilst you may spend a great deal of money and a lot of time and effort securing your network, the same may not be true of your customers or suppliers. So when your sales rep goes on a visit and connects to their network, they may well be opening up the proverbial ‘can of worms’.
If you own the device then you can mandate who can install apps and software and what can be downloaded.
If you don’t own the device then you can’t.
If an employee so chooses they could download as much malware onto their phone or tablet as they like and there would be nothing you could do about it.
That’s fine if they choose to do that but as soon as your errant staff member connects to your network, that’s when you have a problem.
Trojans, ransomware or spyware, it really doesn’t matter what type of malware infects your employee’s device, it is going to be bad news for your business.
Have you ever noticed how some people just don’t seem to be able to keep hold of things?
We all have that friend who constantly loses their glasses, the book they are reading or even their car!
Most of the time it is just amusing and harmless but if you have a staff member like this and they lose their laptop with your data on it then you are in trouble.
Phones and tablets that don’t have a secure method of locking can also have password autocomplete, which would allow any finder free access to your network and systems, meaning that you are seriously at risk from all manner of malicious attacks.
Devices that connect over unencrypted connections leave the users vulnerable to a snooping attack.
Connecting securely to the company network isn’t the problem here when the person is on-site; the issue is when they connect using public WiFi.
Typically these will be unencrypted connections that are, by their very nature, open.
This means that anyone with a little technical know-how and some freely available software could easily gain access to the device and cause mayhem by keylogging or simply using it to piggyback into your network.
What can you do about it?
So with all of these potential problems what can you do?
Well, the obvious answer is to ban BYOD but in the real world that probably isn’t going to happen, especially in smaller companies where the employees are using their own devices to carry out company business.
Tip 1 has to be to implement a sensible BYOD policy. There are plenty of examples on the web and having this in place will let people know what they can and can’t do.
Putting in technical measures to ensure that when people do connect they aren’t likely to compromise your systems is a good move. Firewalls, access controls and threat management systems are all good and you may want to limit the types of websites that people can visit when using your internet connection.
Although you can’t force people to encrypt their devices it is a good idea to encourage this. Most phones, laptops and tablets have the ability to encrypt stored data and it is simply a matter of turning it on. The problem is that most people don’t know about it.
If people are going to be connecting to your network over open WiFi then it is a good idea to consider providing a Virtual Private Network or VPN. When connecting over public WiFi, a VPN encrypts data whilst it is on the move, meaning that the chance of someone snooping or keylogging is eliminated.
And if you really don’t like the increase in risk that BYOD represents then think about providing mobile devices for your employees. By retaining ownership of the device, you also retain control, meaning that you can lock it down so that only authorised people can install apps and software.
BYOD is a risk that can be managed
BYOD represents a real risk to unwary companies and it is important to understand that allowing employees to have unfettered access to your systems is almost like inviting the world in too!
Whilst they are away from your controlled environment your people could download all manner of suspect apps which in essence means that you are downloading them too.
The good news is that there are some simple and often free ways that you can protect your business from the effects of this and reduce the risk of data breaches.
Why not start today and think about whether you want employees accessing your network and what you can do to protect yourself.