Bring Your Own Device (BYOD) Security Pitfalls

bring your own device

The Bring Your Own Device (BYOD) movement is gaining a strong foothold in the US with 72% of organizations already implementing BYOD or planning to do so. In the workplace, BYOD presents an attractive business model to be followed, allowing for greater flexibility and increased productivity among employees. However, there are several security risks that need to be addressed. With personal devices like smart phones and tablets handling corporate data, there is now an enormous burden placed on companies to find a balance between preventing outside intrusion and respecting the privacy of their employees.

SMBs and enterprises alike are responsible for maintaining data security standards and this task can get easily complicated with the introduction of BYOD. To take control of your company’s BYOD policies, consider these associated challenges:

1. BYOD allows personal and business data to intertwine and mix

A big challenge for companies is managing both personal and corporate data on the same device of each employee. This is because the likelihood of employees having the same level of security protecting a company’s internal networks on their personal devices is pretty low. That brings into question potential cyber threats arising from unsecured networks. Logging into a secured company network is one thing but logging into an unsecured public network can be disastrous for both the company and the employee. Furthermore, malicious malware may further corrupt an entire company’s system should an employee accidentally install it onto their device.

2. BYOD increases the risk of data and information leakage

When an organization has a BYOD policy in place, it can open multiple backdoors for hackers to access confidential data, thereby increasing the overall risk of cyber threats against the entire organization. Mobile phones and tablets are more risky than PCs and laptops since they require constant (even daily) updating to patch security bugs. While BOYD has its benefits, companies must realize that personal devices present a weak link to security within the workplace and need special attention.

3. BYOD introduces human error/physical obstruction possibilities

Even if employee devices have password controls, remote lock features, or encryption enabled, there is always the possibility of an employee device being misplaced or stolen. Careless employees might be an IT administrator’s worst nightmare as there is not much they can do to retrieve the device once it has been stolen. One simple but effective measure to prevent outsiders from gaining access to the device is by using a PIN code. However, with hackers becoming increasingly clever at cracking down PIN codes, added protection like a wiping solution may be necessary to eliminate the possibilities of data theft.

4. BYOD makes it harder to keep track of vulnerabilities and updates

Not all mobile devices are created equal. They have different capabilities and operating systems that run different programs and with different levels of security. As more personal devices are added under a BYOD policy, it will become more difficult to keep track of the vulnerabilities and updates of each device. This is because employees are utilizing different applications on their devices and, without proper encryption or other security measures, the risks expand. Worst still, if it is an older device, a different set of unknown or undocumented vulnerabilities may arise, making it all the more dangerous. Security experts may suggest investing in a mobile device management (MDM) platform, but that will require employees to install an agent on their personal devices, which many employees are likely to oppose.

Even before setting up a BYOD policy, a company should research the current security options that are available for them. Single Sign-On (SSO) for example is an effective method for preventing hackers from logging into employee devices. If an organization has one centralized platform to handle identity management, then it becomes easier to handle web application access across the different devices in the network, as employees will log in to this platform only once to have their credentials authenticated and approved. While it is important for thorough BYOD policies and procedures to be put in place to secure employee devices, it’s also vital to educate employees on these basic security practices for protecting their personal devices so security becomes a company-wide effort.