With BYOD (Bring Your Own Device), businesses face an ever-growing threat to IT security, and it’s important for you to address it as soon as possible. Without proper controls in place, it creates a giant hole in your network security.
The Pew Research Center conducted a national survey recently that revealed:
· 12% of mobile device users store work passwords on their personal device.
· 19% of mobile users store work documents on their personal device.
· 58% of mobile phone owners do not back up the data on their devices.
· Nearly 1 in 3 mobile phone owners (31%) have lost their phone or had it stolen.
Businesses can be easy targets
According to a recent study, forty percent of all cyber-attacks are directed at small to medium-sized businesses. A recent industry report also noted that mobile-targeted malicious software has virtually exploded in the last year and is expected to continue to grow exponentially. Not controlling mobile device access to your computer network dramatically increases your business vulnerability to malicious intrusion.
IT managers have traditionally managed security for company-issued desktops, laptops and devices, but policing employees whose personal gadgets connect to the network presents a dramatic new test entirely. Making sure that personal devices that connect to the network are properly secured with anti-virus/malware and are securely locked down is a particularly vexing new issue. Employees may even resist your efforts to control their personal devices.
“When you get that brand new Droid, load it up with apps and then plug it into your work PC in order to update or sync necessary files, your company’s IT guy has to worry about whether that last app you downloaded might infect the entire network,” personal security expert Robert Siciliano recently wrote for InfoSecIsland.com.
Your IP environment is changing. Your network protection tactics need to change, too. Your company’s security is too important to jeopardize.
What can you do to protect your network?
Determine which devices and operating systems you're willing to support – Not all devices will meet the security requirements of your organization, and nothing says you have to let every device access your network. Give employees who want to access the network some parameters to go by when they shop for new devices.
Write clear and concise policies laying out what is and isn't allowed for all employees who want to use their personal device and have them sign off on them.
Enforce encryption of data at rest – Any apps that download and store data on the device should protect that data. If a PIN or passcode is cracked, you want to make sure that data is still protected.
Determine which types of apps are off-limits. There are hundreds of thousands of apps available; which will you permit? Keep in mind that many apps have no business on your network!
Train your employees to make sure they understand how to correctly use their applications, make the most of their mobile capabilities, and watch for suspicious activity.
Consider mobile device management software that can provide secure client applications like email and web browsers, over-the-air device application distribution, configuration, monitoring, and remote wipe capability.
Inventory authorized and unauthorized devices and use identifiers like PINs or MAC addresses to keep track of who is doing what on your network.
Inventory authorized and unauthorized users – Remember, access to your network is a privilege and not a right.
As we described earlier, security for mobile devices is not a one-time shot. It’s an ongoing process. If you don’t remember that, eventually you’ll get burned.
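The device inventory step above can be checked against what actually joins the network. The following is an added example, not part of the original post: it compares DHCP lease records with an authorized-device list keyed by MAC address. The lease line format, the inventory entries and all names are constructed assumptions. It also separates out locally administered addresses, since many phones present a randomized MAC that cannot be matched to an inventory by MAC alone.

```python
import re

# Constructed inventory: MAC -> (owner, device). Values are illustrative.
AUTHORIZED = {
    "a4:83:e7:12:9c:01": ("jsmith", "iPhone"),
    "3c:5a:b4:77:10:fe": ("mlee", "Galaxy S"),
}

# Constructed sample of "timestamp ip mac hostname" lease records (assumed format).
LEASES = """\
2024-05-01T08:02:11 10.0.20.14 A4-83-E7-12-9C-01 jsmith-iphone
2024-05-01T08:05:40 10.0.20.27 3c:5a:b4:77:10:fe mlee-galaxy
2024-05-01T08:09:03 10.0.20.31 da:a1:19:4b:22:07 unknown-phone
2024-05-01T08:11:57 10.0.20.35 00:1b:63:aa:bb:cc guest-laptop
this line is malformed
"""

MAC_RE = re.compile(r"^([0-9a-f]{2})([:-][0-9a-f]{2}){5}$", re.I)

def normalize_mac(raw):
    """Return lowercase colon-separated MAC, or None if not a valid MAC."""
    if not MAC_RE.match(raw):
        return None
    return raw.lower().replace("-", ":")

def is_locally_administered(mac):
    """True when the locally-administered bit (0x02 of first octet) is set,
    as with the randomized 'private' addresses many phones present."""
    return bool(int(mac[:2], 16) & 0x02)

def classify(leases, authorized):
    report = {"authorized": [], "unauthorized": [], "randomized": [], "malformed": []}
    for line in leases.splitlines():
        parts = line.split()
        mac = normalize_mac(parts[2]) if len(parts) == 4 else None
        if mac is None:
            report["malformed"].append(line)
        elif mac in authorized:
            report["authorized"].append((mac, authorized[mac][0]))
        elif is_locally_administered(mac):
            report["randomized"].append((mac, parts[1]))
        else:
            report["unauthorized"].append((mac, parts[1]))
    return report

if __name__ == "__main__":
    for bucket, items in classify(LEASES, AUTHORIZED).items():
        print(bucket, items)
```

Devices in the "randomized" bucket need a second identifier, such as a user login or an MDM enrollment record, before they can be tied to a person.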