There is no denying that more and more companies are embracing workforce mobility, and the practice of bringing your own device (BYOD) to work has been instrumental in this movement. Employees can be anywhere in the world and still submit daily reports, answer emails, join meetings, and so on. According to Forrester, “More than half of North American and European companies are developing BYOD programs in response to workforce demand.” When the world is already this hyperconnected, you can imagine what it’s like for a company to resist trends such as BYOD. Of course, there are always two sides to a coin. Companies that resist may be less exposed to rising threats in endpoint security, but they may not be as productive and agile as their competitors. But before you dismiss or adapt to BYOD, let’s discuss what makes it a threat to security.
First of all, BYOD involves personal devices that are also used for personal business outside the company’s scope of security. This means that very limited protection, if any at all, is given to endpoint devices when they are used outside the company’s premises. And even when the employee is browsing the internet for work purposes, within the company’s network, viruses and malware can still creep into an insecure endpoint device. Without proper endpoint security, employees can easily (and often unknowingly) become common vehicles for viruses and malware.
Mobile devices such as smartphones pose the greatest risk to IT security, according to a survey done by the Ponemon Institute in 2016. This is primarily due to the susceptibility of mobile operating systems. Laptops and desktops, on the other hand, were the top sources of breaches. Since attacks these days have become more sophisticated, more difficult to detect, and harder to contain, an infection can spread very quickly. In short, if a device is insecure and it gets infected in any way, it can compromise the whole corporate network. While the ultimate goal of BYOD is to provide accessibility and increase employees’ productivity, it can also be the cause of bigger problems. Without a well-assessed BYOD policy in place, there will always be a risk of compromising corporate data, employee credentials, and other private information.
Therefore, to reap the fruits of BYOD, a strict BYOD policy is necessary. CIO suggests that companies must have centralized, consolidated visibility into each device’s interaction with the corporate network. Knowing how a device is configured and how it behaves when connected to the network helps in tracking anomalies. The site also suggests keeping employees informed of the best practices aligned with the company’s BYOD policy. For instance, they must know when to update their devices and how to recognize a phishing email.
Employees must also be aware of the consequences of not adhering to the BYOD policy. Ideally, the policy also encompasses application and device policies. Some applications may need more restrictions than others, so it might be better if they can be accessed only by a few people, in certain locations, using their identified devices. Endpoint security is also best enforced with the service of a security provider, as it helps in automating threat and vulnerability detection, gaining visibility of each endpoint in the network, and blocking threats from the device.
BYOD is the current need of the workforce and of the enterprise leaders who wish to mobilize their business in the market. It is critical, however, to have a proper BYOD program in place that will protect and secure the business, clients, and employees.