Enterprises that have implemented bring-your-own-device policies are at increased risk of cybercrime and data loss, most often because of their insufficient endpoint security and control measures. On mobile devices, employees typically access less secure consumer cloud services and engage in unsafe password practices, which accounts for a large portion of all BYOD-related risk. Endpoint software that provides visibility into exactly what is running on a device can help IT departments to understand and eventually address their vulnerabilities.
BYOD is a popular way for executives and workers to access sensitive corporate data on their personal smartphones, tablets and laptops. A recent ZDNet survey discovered that nearly nine in 10 Australian businesses have granted some of their senior IT staff members access to critical company information via their own BYOD devices, while 57 percent stated that they had provided it to at least four-fifths of their leadership. Even in the case of newer and less privileged staff, 64 percent had provided BYOD access, although company financial information was typically blocked from all but the most senior workers.
While BYOD devices and usage are proliferating, many of these organizations have not implemented proper endpoint management strategies to secure their increasingly mobile workflows. Nearly half of respondents stated that their companies did not have BYOD policies, and only 17 percent confirmed that their practices were ISO 27001 certified.
Passwords may be the greatest risk to safe BYOD
For companies that had taken steps to secure BYOD usage, acceptable use policies and passwords were the most popular measures. However, passwords may represent a unique and critical vulnerability in BYOD implementations, since users often reuse passwords that are not sufficiently complex. In an interview with CIO Magazine’s Tom Kaneshige, former Federal Trade Commission executive Paul Luehr asserted that while enterprises with BYOD initiatives certainly face heightened external risk from hackers, the greatest risk may be internal.
“The most common way BYOD policies affect data security and breaches is in the cross-pollination of passwords,” Luehr told Kaneshige. “A person is probably using the same or very similar password as the one they use on their home devices.”
Disgruntled employees, who often leak critical data after being let go, are prime risks for companies that have permitted BYOD, noted Luehr. As a result of BYOD, the distinction between home and the workplace is disappearing, and employees may now feel empowered to engage in relatively risky behavior, such as using social media on corporate networks, as a prelude to eventually sharing information either carelessly or willfully via cloud services. Comprehensive endpoint security is a necessity for preserving BYOD-induced productivity gains in the face of these threats.