October 17, 2018

How to Manage the Inherent Risks of Your BYOD Policy

According to MarketResearchReports.biz, the global BYOD security market is expected to grow at a CAGR of 31.95 percent between 2013 and 2018. Whether the goal is to reduce the time and effort spent on device procurement or to support more flexible and remote working arrangements, a Bring Your Own Device (BYOD) policy presents several advantages for any mid-sized to large enterprise. Implementing this policy can contribute to a reduction in hardware costs as well as an increase in employee productivity. In fact, BYOD is not just practical, fashionable and employee-friendly; it also frees up the bandwidth of your IT asset management teams and positively impacts your bottom line.

However, at a time when security and privacy concerns have gone through the roof, the BYOD policy also comes with its own set of risks and challenges. As a CEO, CIO, business leader, IT security expert, or a member of the HR, Legal or Compliance teams, you will be concerned about the security of your business data in light of the users’ activities on their personal devices. Similarly, employees may feel threatened by the exposure of their private and confidential data, depending on the level of intrusiveness of your BYOD policy.

Over the years, some companies have successfully implemented holistic security strategies that achieve the delicate balance between workforce mobility and enterprise security. For this, they not only mapped the key threats involved with their specific device policy, but also deployed several IT security best practices and layers of risk mitigation.

Top Risks of Implementing a BYOD Policy

With BYOD, employees can work with their own devices from virtually anywhere, as long as they can connect to the organization’s network and applications. However, since the device stores and accesses personal as well as corporate data, there is a very thin, and possibly skewed, line between privacy and security. Some of the inherent downsides to BYOD are:

  1. Exposure, Data Loss or Data Leakage: There is always a risk of potential loss of company data that sits on an inadequately secured, semi-private device. Additionally, your IT security team could lose control or visibility of the data during transmission, processing or storage, or due to theft or physical loss of the
  2. Insecure Usage or Malicious Apps: Due to public Wi-Fi or hotspots used by remote workers, the security of your data as well as devices could be compromised. For instance, allowing push notifications, enabling location-based services, or simply clicking on unsecured links could lead to the installation of malicious or rogue apps. These apps could modify, steal or corrupt the device software or conduct targeted hacks to access the employees’ private information or your confidential business data.
  3. Cross Contamination: Since both personal and business information resides on the same device, there is a chance that the user may accidentally delete one of the two, or send personal information to business contacts and vice versa. Similarly, the IT software deployed under your BYOD policy may not be equipped to distinguish between personal and corporate data when it comes to perceived security threats. Hence, it may end up conducting a remote wipe through which your employees could potentially lose all the personal data stored on their devices.
  4. Privacy Issues: Due to the nature of information sitting on the employees’ tablets, mobiles or laptops, it may be difficult to set a realistic limit on the depth of intrusion of your IT policies when it comes to the user’s private data. It is also possible that the employees’ personal devices are subject to discovery requests in case of corporate lawsuits and litigations. Moreover, if you have deployed robust IT security measures, you will most certainly be able to track the user’s physical location and online activity at all times, which may be perceived as an invasion of privacy.

Multi-Pronged Approach for BYOD Security Measures

With IT security technologies making great strides in recent years, there are several tools that you can add to your corporate arsenal to secure enterprise data and applications from the potential threats of a BYOD policy. In addition to Mobile Device Management (MDM) and Mobile Application Management (MAM), IT security specialists should take into account the who, what, when and where of your BYOD policy and develop a well-rounded security strategy.

Consider a multi-pronged approach that pairs solutions such as Network Access Control (NAC), Role Based Access Control (RBAC) and Data Loss Prevention (DLP) tools. Measures such as risk profiling, staying up-to-date on operating systems and applications, isolating data access, tracking devices and enabling remote wipes will go a long way in making your BYOD policies safe and viable.

Comprehensive Solutions for Risk Mitigation of BYOD Policy

Your BYOD policy is only as strong as its weakest link; hence it is imperative to develop a robust policy that clearly articulates the procedures and boundaries for access, usage and storage of personal versus business data. In addition to drafting a mechanism that establishes mutual trust between your company and employees, you may also have to invest time and resources in training and educating employees on the risks involved with this policy.

GlassHouse Systems can help you implement a BYOD policy by adopting comprehensive solutions that scope out and address the associated risks. Our technical experts will conduct a systematic assessment of how your BYOD policy impacts your security landscape. Furthermore, they will identify gaps, define roadmaps and offer mitigation solutions that can be managed in-house, remotely or in the cloud. Through our consultative approach and wide range of tools, we will help you build and implement device policies that ensure the right balance between privacy and security.

Contact us to learn more about our information security solutions, or leave a comment below for more details on how to design holistic BYOD policies.