There’s one major difference between companies that adopt BYOD policies and those that don’t: those that don’t are far more vulnerable to attacks.
Now, that may seem counterintuitive—after all, aren’t BYOD programs supposed to open the door to greater security risks? That’s what everyone says, and there’s certainly new complications that come with BYOD programs.
However, companies need to realise employees are connecting their phones and tablets at work, regardless of whether there’s a BYOD policy or not. So with that in mind, companies that make efforts to regulate the devices on their networks are far more likely to be protected than those who don’t.
BYOD security is a big deal, and obviously new measures and solutions will need to be adopted in order to handle new platforms and devices. With that being said, it can be difficult to know where to start. In an effort to make things a little more manageable, here are 3 important areas to consider when looking to beef up your network security.
Worry less about the variety and more about the volume.
Device turnover is relatively quick these days. Every few months a newer model is released, or an updated platform, which causes constant flux in the tech environment. This can often be a struggle for IT departments, as they’re stuck trying to manage networks that support fitness trackers and smartwatches on top of smartphones and tablets.
While it’s important to know what types of devices are operating on your company’s network, it’s far more important to know the number of network-enabled endpoints. At the end of the day, securing different mobile endpoints isn’t anything special for IT, as they’ll all just be treated like computers. However, when it comes to endpoint security in a BYOD world, the sheer number of connections will lead to huge spikes in network traffic and therefore greater risk from remote access vulnerabilities.
Don’t forget about your laptops.
More often than not, when companies discuss BYOD, they’re thinking about people using their mobile devices at work, like smartphones or tablets. Mobile technology is definitely the rising tech, and it wouldn’t be hard to imagine the majority of work being done on these devices within the coming years, especially as the computing power of tablets increases. As a result, professionals are building up stronger security measures to protect these new gadgets. That makes sense, after all, cybercriminals are going to adapt and target the most predominantly used mediums, right?
Kind of. Cybercriminals are far more likely to target the areas with the greatest weaknesses. Too often companies will fall into the trap of focusing on new technologies, and forgetting to upgrade security measures on traditional devices, like laptops and desktops. Companies will definitely need to invest in mobile security options, but the key is to maintain an overall heightened level of security across the entire network and protect all devices.
Don’t forget about the departed.
Another rarely discussed element of BYOD is the problem that arises from having company information stored on personal devices, and then having an employee leave the company. It’s a little more manageable when employee and employer depart on good terms, because the employee is more likely to delete information themselves, or allow IT to do it. When an employee leaves on bad terms, they may try and keep information they can then use to harm the company’s reputation as revenge.
BYOD policies need to expand beyond simple IT oversight. HR needs to be involved to help with employee termination procedures. Once an employee is no longer with the organisation, their access to company information needs to be eliminated, along with the current information stored on their device. This is where a mobile device management solution is useful. Among many other features, it helps create a BYOD work environment and adds administrative rights to delete all traces of corporate data when an employee leaves.
It’s important that employees are aware of this procedure the moment they begin with the company, that way there are no surprises and legal issues when the company goes to enforce the policy.
That virtually every company in Canada will eventually have some sort of bring-your-own-device policy surrounding mobile gadgets seems no longer to be an “if,” but rather a “when.”