Startup

Bring your Own Device Policy of Corporate: Threat or Flexibility

Meaning:

BYOD is the acronym for Bring Your Own Device, Different terms which can be used for this policy is: Bring Your Own Technology (BYOT), Bring Your Own Phone (BYOP) and Bring Your Own Personal Computer (BYOPC).

It is a policy which permits the existing employees to bring personally their own devices like laptops, tablets, and smartphones[1] to their workplace and use those devices to access the company’s privileged applications and information. This phenomenon in common language is known as IT Consumerization.

With the influx of generation and the increasing demand for flexible working, the shift from company-owned devices to employees bringing their own devices is having a massive impact on how IT departments^[1] react to mobile security. Bring your own device (BYOD), recently known as workforce mobility, is one of the most complex developments for CEOs because it introduces huge risks to data loss and data protection.

BYOD significantly impacts the traditional security model of protecting the perimeter of the IT organization by blurring the definition of that perimeter, both in terms of physical location and in asset ownership. With the use of the personal device to access corporate email, calendars, applications, and data so many of the organizations are struggling with how to fully define the impact on their security and establish acceptable procedures and to support models that balance both their employee’s needs and their security concern.

As BYOD allows greater flexibility and increases the productivity of the employees of the organization it also impacts the traditional IT model of the organization. Because of workforce mobility personal devices are interfacing with corporate data. This workforce mobility has created numerous benefit for employees but on the other hand, it put significant pressure on the organization. The hardest hit is small and medium organizations who don’t have the in-house resources and knowledge to mitigate the challenges.

BYOD is an attractive business model, still, there is a number of security risks associated with it. One of the main concerns for CEOs is to secure the data and also to ensure that the IT environment of the company is secure.

The flexibility of Bring Your Own Device Policy:

• Familiarity
  

One of the biggest pros in the BYOD program is that employees are able to use devices with which they are already familiar. The familiarity of employees that they are having with their own device allows them to collect data and tackle work-related tasks with more efficiency, ease and in a timely manner. Mobile technology can boost workplace productivity.

• Flexibility
  

By implementing the BYOD policy the employees are able to work from anywhere at any time without the need to use other tools to access work documents. This removes the need to email copies of documents back and forth to be stored in your company system after being worked on.

A bring your own device policy also gives the employer greater flexibility to try out new solutions. Trying to collect field data with phones and tablets can be tough when there is technical set-up involved. If a team wants to run a pilot program to try a new mobile forms software, it’s far easier to do without having to go through layers of IT to get an app installed.

• Financial Savings
  

Because of BYOD Policy, employers save money, since they don’t have to buy devices for each of its employees. An added benefit of this policy is that employees are more likely to take better care of their own devices, as compared to the company’s device. This greatly reduces costs for repairs and updating, if there are any costs at all.

Threats to Bring Your Own Device Policy:

• Increases risk of data leakage
  

As our workforce becomes more reliant on mobile devices, the floodgates of data leakage and threats open up, resulting in an even greater reliance on the IT department to secure mobile devices. When it comes to secure mobile phones and tablets are one of the weakest links and are prone to attacks. These devices also require patches updates on a regular basis and the responsibility for the same is an employee’s shoulder. Therefore the onus is on the organization to implement such policies and procedures that help employees to keep their devices secure.

• Exploits Vulnerabilities
  

Mobile devices used in the organization are less secured which simply indicate they are more vulnerable to attacks. As employees download mobile apps and connect to external Wi-Fi spots without having the correct security protocols in place. In fact, according to a study conducted by HP, it has been found that around 97% of employees of the company had a privacy issue, and around 75% lacked adequate data encryption, as it is a serious issue that can be exploited by a hacker. It is not necessary that the employees might be having anti-virus protection or have an up to date firewall present on their mobile devices, which means they are more vulnerable to attacks.

• Mixing Personal and Business Data
  

One of the biggest security challenges is coping with the storage of corporate and personal data on the same device. There may be certain types of data that may be exposed throughout the organization, so consideration needs to be given to the topic of securing those type of data.

One of the biggest threats to mobile devices is software known as malware that is installed unknowingly by the user, meaning malware could find its way onto the network.

In addition to this, there is another technique known as keyboard logging which is used by hackers to record login and password credentials. An effective way to overcome this is to implement one-time passwords so that users have temporary passwords each time they log in and which is difficult to hack.

• Poorly cared for devices
  

The biggest risk in this area is if the employee’s device is lost or stolen. Over half of security breaches occur when devices are stolen, so it’s paramount that companies are implementing encryption tactics to ensure that the device is secure against threats. Employees to secure their device should at least use some basic features like using a pin code.

Those employees who don’t keep their devices up to date are at further risk of being targeted by hackers. This includes mobile operating systems as well as apps installed on the device.

• IT Infrastructure
  

BYOD requires CIOs to make modifications to the current IT infrastructure so that it’s BYOD compliant. CIOs need to identify which applications their employees are using to interact with corporate data. The organization needs to ensure that the data is not only protected but it also conforms to the current IT infrastructure. Penetration testing should be carried out to identify any vulnerabilities with the current IT estate.

How to Overcome the BYOD Security Issues

BYOD can prove to be a greater benefit to the organization, but on the other hands it can introduce a number of risks, so to identify those risks and introduce appropriate controls is an important step that must be taken to protect your business against any malicious attacks and security breaches. CEOs of the company must purely lay their concentration on matters like how their infrastructure will cope with the increased number of devices accessing the network, ensuring that their employee’s devices are adequately secured and aren’t breaching the company’s policies.

IT professionals are constantly looking to reduce the gap, and get up to speed with the latest data security practices and advances. BYOD poses significant security risks, but if it is managed properly, it can reduce costs and increase productivity without hindering security. Educating employees of the organization on the matters like how to protect their devices and ensuring they are configured in line with security policies ensures that even the basic security precautions are adopted.