With the increasing use of employee-owned devices, IT departments face more serious security concerns and need to strengthen the company's BYOD policies. Besides advanced persistent threats and DDoS attacks, improper BYOD measures are the weak links that can take a company offline both in terms of reputation, and profit.
Recently, the U.S. Army made headlines after 14,000 mobile devices belonging to its staff were given access to critical data without having management software or remote wipe functions in case they were lost or stolen.
So far, the Middle East has one of the highest adoption rates (about 80 percent) of BYOD practices. According to research by Logicalis, employees in Brazil, Russia, India, UAE, and Malaysia also demonstrate much higher use of their own devices at the office.
To raise awareness of the risks of BYOD, Bitdefender outlines the top security and operational concerns IT departments should consider for better coping with the trends.
Access to Corporate Data
Companies are placed in a difficult position when giving access to corporate data. While they need to share more and more information to develop their business, they also have to restrict and personalize access to sensitive data. From netbooks and USBs to smartphones and picture-playing devices, employees own a wide variety of Internet-connected devices they want to bring to the office.
To increase efficiency and mobility, they commonly access corporate data and networks on the go, while chatting with their friends, posting social media messages, listening to music and sharing pictures online. This makes corporate data more vulnerable to security threats on the Internet: phishing, fraud and malware.
Though malware is becoming more persistent and targeted, virus writers continue to spread their code the easy way: by exploiting human weakness. Tokens, certificates, and passwords are susceptible to cyber-attacks, especially if an infected device is plugged into the company network. Installed in an attachment allegedly coming from a reputable institution, spreading through spam or social networks, malware often uses social engineering that triggers employees to click the bait fast. With mobile malware on the rise and viruses spreading on any Internet-connected device, the BYOD trend has become easy to exploit by malware writers. All companies should reinforce BYOD policies and only allow use at work of devices with mobile security software installed and updated.
Phishing and fraud
Phishing and fraud also take advantage of increased BYOD use, as these e-threats especially target employees. Fraudsters are even more 'refined' than phishers, and make money out of small, but repeated attacks. Cyber-criminals go as far as creating fake conference websites, online shops, banks and online casinos from scratch, registering them for a longer period of time to increase infection rates. Shopping online on devices used both for work and entertainment might also pose serious security risks.
Difficulty in controlling software
The number one threat that all BYOD devices are exposed to is the lack of control over software. Smartphones are the most popular devices brought to work. At the same time, they have the most fragmented operating systems, so exploits for unpatched versions make them highly vulnerable. Data breaches give serious trouble to IT departments, which find it difficult to identify and secure a connection with a more recent mobile OS.
One of the biggest BYOD concerns for IT departments is not intellectual theft, but traditional stealing from bags or pockets. Many employees transfer sensitive data to smaller devices (netbooks, USBs, smartphones) to access while on the road. Though this increases mobility and workflow, it is also a serious concern when devices such as USBs and smartphones, which are easily lost or stolen, have access to corporate networks and data. Anti-theft features incorporated by antivirus software, which protect devices from "traditional" thieves by remotely locking them in case they are stolen and wiping all sensitive data, may help solve the issue.
IT departments are confronted every day with malware infections, data theft and corporate cyber-attacks caused by human weakness. Social engineers and malware writers target the weakest links in a corporation, so everything has to be ultra-secure. Even IT employees are subject to human error, reinforcing the idea that they should be more than firewall installers.
Employees should also be trained to avoid clicking dubious links or attachments and double check suspicious email even when it is personally addressed to them. Integrating mobile device management in corporate IT management protocols is also necessary.
Basic security measures such as keeping different passwords for different accounts, regularly renewing passwords, and never accessing company data from devices they don't own or via unsecured access points may also help increase BYOD protection.
Installing a security management solution such as Bitdefender GravityZone will consolidate control for virtualized, physical, and mobile endpoints, addressing ever-evolving BYOD trends.
Security solutions on all devices will increase antivirus awareness, making employees become more security-conscious and better protected from online dangers, even when they navigate on the Internet at home.
In the end, stricter BYOD policies that cover malware and virulent adware, mobile device management and corporate data protection should allow companies to benefit from BYOD advantages such as higher job satisfaction, efficiency and productivity, and also create a safer work environment for all employees.
Follow Alexandru Catalin Cosoi on Twitter: www.twitter.com/CatalinCosoi