We would like to keep you up to date with the latest news from Digitalisation World by sending you push notifications.
Digital Newsletter
Each week our editor Phil Alsop rounds up the most popular articles, videos and expert opinions. We compile this into a Digital Newsletter and send it straight to your inbox every week.
Digital Magazines
We'll let you know each time a new edition of Digitalisation World is released so that you're always kept up-to-date with the latest and greatest news and press releases.
Video Magazines
The Digitalisation World Video magazine contains the latest Zoom interviews with experts in the industry.
Faced with today’s threat landscape, there is no doubt that it has become a case of when, not if, organisations will be targeted by cybercriminals. However, while they are waking up to the realisation that greater defences are needed in order to adequately protect the corporate network, what’s worrying is that many still overlook or underestimate the mobile threat. Indeed, the Information Commissioner’s Office (ICO)2 stated that under a third of employees in BYOD schemes have been given guidance on how to safely use their devices in the workplace, indicating a huge security blindspot.
Lack of control
What organisations need to realise is that mobile devices can be very easy targets. Not only can compromised registered devices be used to navigate ‘secure’ data, but it can also be very difficult for companies to prevent new devices already infected with malware or other possible harmful programmes from joining a network. This lack of control means that instead of being able to vet devices, companies have to place a certain amount of trust in their employees that their devices are clean. For the average person, it is often impossible to tell if there is malware sitting on their laptop or smartphone until it’s too late and it has been sent to everyone in their contact lists. This issue is exacerbated if malware finds its way onto a company network.
Another huge issue with BYOD is that devices can be lost or stolen. The NHS3 has had multiple incidents where laptops with unencrypted data have been lost, leaving 10,000s of patients’ details at the mercy of whoever finds it. Whilst this is a very high profile example, it highlights the ease to which the benefits of BYOD can quickly change to create a security disaster. Companies need to subsequently ensure that they have plans in place to deal with outside actors using compromised devices. If they have no way of knowing if an account is compromised or not, security needs to be tightened.
Security measures
As companies start to understand the dangers of an ill-thought out BYOD strategy, they must choose to approach security in different ways. Some firms simply restrict the data mobile devices can access, meaning highly sensitive data can only be viewed through a company controlled device. Whilst this does go some way to controlling what employees are accessing, it also limits the benefits BYOD can have by decreasing employees’ ability to work completely ‘on-the-go’.
BYOD policies can be used to give both the company and employees guidelines on how and what their devices should be used for. For example, the use of personal devices in the workplace means that corporate and private information are likely to mix, therefore employees and employers need to be aware of how easily this can cause sensitive information to appear on personal emails, making it extremely vulnerable. A policy would highlight the dangers and provide employees with advice about how to correctly use their device to ensure this doesn’t happen. However, faced with today’s sophisticated threat landscape, businesses cannot expect to rely solely on employee awareness. Whilst these policies are valuable and will increase employees’ understanding of the pitfalls of BYOD, they are simply words on a page, and are not a proactive way to combat the threat.
Moving goal
Being able to secure your network completely against the BYOD threat is like trying to score into a moving goal. Employees will always find shortcuts to make their lives easier and increasing regulations on how to use devices will see that happen more, potentially making the company more vulnerable to outsiders. What companies need to have are systems in place that constantly monitor all network activity, allowing them to see exactly what is happening on their network in real time. This monitoring is essential to a successful BYOD security strategy.
By first creating a baseline of ‘normal activity’, firms can see what activities are often carried out by authorised mobile devices on the network. This means if something abnormal happens, for example, if a user’s credentials are used to log into the network from multiple mobile devices or sensitive information is downloaded, an alert will be flagged straightaway. Only by having this continuous insight into user behaviour will businesses be able to remain safe in the knowledge that their data will be protected from the mobile threat.
Our fascination with technology will see the BYOD trend continue to increase. The benefits it provides are unquestionable, and as long as companies can find equilibrium between security and productivity, both firms and their employees with continue to reap the rewards.
This article was written by Ross Brewer, VP and MD for international markets, LogRhythm.
1 Ovum study shows that BYOD is here to stay
2 UK laxity on BYOD raises data loss risk, says ICO
3 NHS patient information in data breach by Diagnostic Health
