Bring-your-own-device practices can be a tricky balance between flexible use for employees and data security for administrators. If proper protections are not in place, a BYOD strategy can put an organization at risk of data leakage and the associated financial and reputational consequences. However, when decision makers take proper oversight and data governance into consideration during BYOD implementation, employees have the freedom they need to use their devices productively and sensitive corporate information is kept safe.
Poor data visibility
Recent research from Kaspersky Lab has shown that 60 percent of organizations do not have a complete understanding of what company-owned intellectual property is stored or accessed by employees on mobile devices.
According to an InformationWeek survey, 86 percent of businesses currently allow employees to use their mobile devices for work purposes, or plan to do so in the future. Although some form of BYOD is present in the vast majority of enterprises, only 35 percent of IT managers said they have adequately strict policies to properly oversee business information on personal hardware. Furthermore, only 20 percent of companies have systems to detect malware on corporate mobile devices.
David Emm, Kaspersky Lab senior security researcher, said administrators only need to look at the statistics pertaining to the number of devices lost or stolen each year to understand the importance of knowing what employees maintain on their hardware.
“Only when clear BYOD rules are in place can adequate steps be taken to build a robust security solution should a device be lost or stolen,” Emm said.
Without the proper oversight and governance, businesses are vulnerable to a range of dangers, from network malware to workers downloading company information onto unapproved devices, stated Network Computing. Data security expert Oliver Friedrichs noted that some groups have become victims of botnets.
“So, mobile devices connect through your corporate network through command-and-control servers,” Friedrichs told Network Computing. “When you have a compromised device on your internal network that’s already bypassed your firewall, you have all of the inherent problems that something can bounce through that device and use it as an entry point into the corporate network.”
To avoid this type of infection and prevent putting company data at risk, Morrow suggested including file and information encryption, data wiping capabilities and blocking access to the corporate network as part of BYOD practices. Organizations should also include strong endpoint data protection software for all devices that connect to the network. This type of solution can provide the necessary oversight to keep administrators informed as to their workers’ activities in a BYOD strategy.