Security is a critical issue surrounding the BYOD landscape, but the issues have changed a bit in the past few years as the trend has evolved. A few years ago, discussions tended to center around the fact that BYOD was coming and organizations had to start preparing for it. Now it's here, and it's time to revisit security best practices in light of changes within the trend.
3 Major Security Issues Businesses Must Consider When Implementing BYOD Plans Include:
1. Workers are Using Their Phones for More Work
When BYOD was just beginning to get its feet wet in the enterprise, most people were using their personal devices to check email, maybe login to a conference call or use social media to keep up with clients and colleagues. This is beginning to change. The Tenable survey found that 45% of respondents use mobile devices to access and edit documents, 43% use SharePoint or similar intranets, and 28% access cloud apps.
The days of treating mobile device security as a secondary consideration because employees weren't frequently accessing sensitive data on their phones are gone. As your workers start using personal mobile devices to interact with sensitive files and access mission-critical apps, you need to ensure you have the protections in place to ensure data is safe, any regulatory laws are complied with, and proper governance and visibility are in place to ensure best practices are followed at all times.
2. Visibility is Essential
An Ovum survey of global BYOD use found that 28.4% of IT departments outright ignore the need to protect end-user devices.2 Perhaps more troubling for IT leaders, however, is the fact that 17.7% of respondents said their IT departments aren't even aware that their device is being used for work.
With BYOD becoming mainstream, many employees may assume that they can use personal devices for work and not think about the security, regulatory, and data management issues that personal device use creates. IT teams must establish policies and procedures that give them complete visibility into and awareness of which personal devices are accessing the network on a regular basis and what those employees are authorized to use their personal devices for.
- Allows IT teams to train users taking advantage of BYOD on best practices and policies they must follow.
- Enables IT users to assess how any moves, adds or changes may impact apps and services being delivered to personal devices.
BYOD may require IT teams to let go of some of the control they've had over technology systems in the workplace, but they can't afford to get so loose with guidelines that they lose any ability to establish and enforce best practices. Transparency into how BYOD is being enacted within an organization is critical here.a clear idea of the devices accessing the network.
3. Multi-Factor Authentication is Getting Easier
A few years ago, the user authentication conversation surrounding BYOD tended to center around a sense of surrender, with technology professionals wanting multi-factor authentication, but an awareness that users probably wouldn't handle that inconvenience well. Fingerprint scanners, face recognitions, and similar biometric solutions now work well enough and are cost-efficient enough to be features of mainstream mobile products.
These types of tools highlight options to make multi-factor authentication an easier, less invasive process for smartphone users. IT professionals have an opportunity to take advantage of these developments to establish more robust authentication best practices within their organizations to ramp up security within BYOD programs.
Ramping Up Security
Security best practices have changed dramatically in recent years. Many organizations are moving away from sitting back hoping firewalls keep intruders out and are ramping up strategies such as network monitoring and analysis to actively work to prevent threats from gaining a foothold in the network. BYOD is not immune to this evolution, and organizations hoping to keep up with demands of today's users must consider emerging behaviors and how they can respond.
Cyber security is a constantly changing industry, and continuing your education or training your employees can go a long way in staying ahead.
Learning Tree's collection of courses on security and data protection can help your staff get ahead of threats and stay there.