The mass exodus from the conventional office workplace has been embraced by many, and has caused the majority of employers to quickly shift their working from home policies.
For some, they will be working remotely from their company-issued laptop or computer. But for others, employees will be using their own personal devices, either by preference or by necessity. This poses a few inherent challenges and security risks, with users accessing company networks to transmit data via their own personal network or computer. The risk of data breaches grows with BYOD, expanding with every separate network used to access the data.
About the author
Peter Braithwaite is the Chief Operating Officer at Kit Online.
Bring Your Own Device (BYOD) is present in most organisations in the UK. In fact, Ovum found 70% of employees who own a smartphone or tablet choose to use it to access corporate data. While BYOD can help businesses to reduce costs, often the main motivator is more closely related to increased employee mobility, productivity and satisfaction.
Risks include data leakage – if an employee-owned device is left unattended and unable to be remotely accessed, it can pose a serious physical threat. There is also the issue of malicious apps, with names which don’t sound suspicious, being downloaded for recreation. TechCrunch, for example, found that some of the most malicious apps during Pokemon Go’s chart domination were named ‘Pokemon Go Ultimate’ and ‘Install Pokemon Go’ in order to appeal to the game’s fans.
Other risks include loss of control – as soon as an employee leaves the building with a device that can access all of your data, you don’t know what network they’re going to connect to. Similarly, if they enter the office with their own device, and it’s carrying malware, that can also pose a threat.
The time when all employees would exclusively use laptops or computers for work is passing. BYOD has the potential to be your perfect partner in a working from home environment – not your security weakest link. But, how can you minimize the risks?
Minimum specifications for BYOD permitted devices
The starting point of any BYOD policy should be exactly that – implementing policies. Stating the minimum configuration requirements for a model laptop, including the accepted Operating Systems, to avoid patching system vulnerabilities, should be the first port of call. Remember though that many employees may not be as au fait with computing terminology and specs as your IT team so it’s a good idea to provide some model recommendations which satisfy the requirements so employees wanting to purchase new kit can click straight through.
Work with your IT management to establish security control minimums and requirements of devices used to access your data, including any specifications for anti-virus software and required use of a VPN. Some businesses recommend a specific firewall, others make it mandatory.
As your employees start to use BYOD, these policies will act as a key preventative measure. Basic configuration and requirements can not only maximize your security, but also the working experience of your employees, ensuring that their laptop won’t have long lag times. Other non-security specific requirements may include storage capacity, minimum battery life and backup requirements.
Implement a VPN
Virtual Private Networks (VPN) can provide a secure, encrypted tunnel for all employees to access your company network. Personal devices are often not protected by firewalls or antivirus software, which increases the chances of data leakage and device infection. For small businesses who may not have a VPN, it can be hard to police the quality of apps which people are downloading. Whereas, if they have a VPN it gives employees access to the right apps approved for business use that reduce the risks of shadow IT.
A VPN-protected connection is one of the simplest BYOD solutions, but it shouldn’t be undermined. A VPN provides secure access to any data which is stored on a company server. Consider offering all employees the chance to have free virus protection on their devices and a VPN to secure their connection at all times.
You can also consider a containerization process. This involves supplying all applications via a company portal, which is more secure, but also more restricted, as access to the network can only be accessed through that specific portal.
Enable Single Sign-On for better protection and productivity
Making it easier for IT departments to enforce security policies on private and public cloud applications accessed from personal devices, Single Sign-On (SSO) can be a convenient way for users to maintain security protocol while not having to remember dozens of passwords.
Time is money, and if people are constantly having to disrupt their workflow by having to remember multiple passwords and re-enter them several times to access an application, it can have an effect on productivity. A secure SSO can enable smart user authentication and protect all of your apps, also eliminating password fatigue. As a result, complaints to your IT department will be down, along with a reduction in phishing as the user doesn’t have to enter their credentials as often. You can deploy your own SSO, or make an account on external providers such as LastPass or Microsoft Azure Active Directory.
Mobile Device Management
According to Trend Micro, 60% of organisations do not remove any business data from ex-employee devices. Yet, the same statistics revealed that 50% of organisations that allow BYOD were breached via employee-owned devices. While you can often rely on your employees to be ethical and delete the necessary apps when they leave, this is not always applicable.
Mobile Device Management (MDM) can enable your entire IT team to remotely access a device’s data and act as the centralized authority for corporate resources, including email access, apps, secure directories and cloud storage. MDM can also limit permissions based on an employee’s role in the company. When someone leaves the company, the team uses MDM to remove the enterprise from that individual’s device to protect their intellectual property in a selective wipe – without removing any of the non-work files. This is the same case if an employee’s device is stolen or lost to protect company data.
It’s important to ensure that your MDM system works with multiple platforms, such as Apple, Windows and Android. MDM features will include WiFi configurations, password requirements, remote wipe, remote lock, geofencing and more.
BYOD is the future
With more and more companies encouraging BYOD, it’s smart to be as preventative against security risks than ever before.
It’s unlikely that the world will just ping back to normal, full-time office-based work post-pandemic. In fact, it’s looking increasingly as if many firms will never go back to how they first operated. Yes, BYOD has its risks, but enterprises ultimately need to embrace it now that users can see its been done – it’ll be harder to take it away from them. Instead, work to make sure you have the policies and the technology in place to make it a mutually beneficial situation.