By Indusface Research Team
IDC, a research and analyst firm, predicts that by 2016, 480 million smartphones will be shipped worldwide. An estimated 65 percent of these 480 million phones will be used for BYOD. According to Gartner, “The rise of bringing your own device (BYOD) programs is the single most radical shift in the economics of client computing for business since PCs invaded the workplace.” Majority of the organizations will allow BYOD by 2017, and the major objection for BYOD is security. All this proves what?
It’s time to prepare for BYOD.
There was a time when an organization’s perimeter ended at PC’s and phones were devices only used for calls and texts. The portable, easy to carry Laptops emerged, and the company data started seeing the extended world, paving a way out of the company office. Smartphones and tablets added to this revolution and soon a significant amount of data was mobile.
This started the BYOD or Bring Your Own Device practice, referring to the policy of allowing employees to bring their personally owned mobile devices to offices and use them to access privileged company information and applications. And this is where the problem arose. Like it oft happens, security was the last though in BYOD and not a pre-thought and then worked on the notion. It became difficult for companies to keep their sensitive data safe, as they could not control what the employees were doing with their own devices, which were also used to access the company data. That is where the need for BYOD security was seen.
And though BYOD is becoming a fast adopted trend in companies, the focus on its security is not paramount. This needs to change.
You can love it or hate it, but can’t ignore it. BYOD is here to stay, and rather than overlook it till it comes and pounces on you, it is best to accept this ‘radical shift’ and adapt to it. BYOD is essential for today’s organizations if they want to show to their employees that they promote an open and friendly environment. Reports have found that employers that allow BYOD expect an increase in employee satisfaction and productivity level and are therefore investing in BYOD programs to promote efficiency but securely.
The most common threats faced by organizations encouraging BYOD include loss of the device containing data, unauthorized access to organizational data and resources, data theft, access of infected applications by employees which in turn facilitate malware entry into the system and also compliance and regulatory fines. According to an industry report, the biggest BYOD security concerns for organizations are loss of company or client data (67 %), unauthorized access to company data and systems (57 %) and fear of downloading content or apps with security exploits (47 %).
It happens, things get lost or stolen. This can’t be prevented, but what can be prevented is the loss of data through the loss of the phone. Keeping your smartphone locked is a necessary precaution that should be taken by your employees. Smartphones can be locked such that, in case of theft and someone entering the incorrect password more than a preset number of times (3, 5, 7, whatever you want to set), results in the phone wiping out the entire data.
Many antivirus software comes with features that can help you in tracking your phone’s whereabouts and can also wipe out the entire data with a text message. The good news is, many of this software is free.
Basic Security Measures to avoid Security Exploits-Reduce Application Exposure
Security should not be an after-thought but a carefully planned approach. Applications should be developed carefully by coders, trying to minimize the presence of vulnerabilities.
Also, enterprises should carefully test any app before letting it enter their ecosystem. Mobile penetration testing helps in in-depth testing of apps for existing vulnerabilities and weak points which can later be exploited. Fixing these vulnerabilities timely can go a long way in securing your BYOD program.
Software updates and patches are crucial-do not ignore them
Ensure that all apps are updated with the latest patches. As soon as vulnerabilities are announced, hackers will race to exploit them (Shellshock vulnerabilities were exploited within a matter of hours, the post being announced). Make sure, you are one step ahead of them here, and this will help you sleep peacefully.
Do not ignore the possibility of an internal breach
There’s always a chance that some employee will access a safe looking app which will actually be malicious, giving access to all your company data. The threat of an employee stealing company data is also very high, and common.
This can be avoided. Not all company data needs to be accessed by everyone. Keep them password protected and give access only to a limited number of people. Granting permissions only to minimum few and necessary people helps. Not only is it easier to secure something which only a chosen few have access to, but it also means that in case of a breach, the culprit can be caught more easily. Unauthorized access to company data and systems is one of the biggest security concerns for organizations.
Because employees access company data and resources via mobile applications, triggering data exchange between the employee’s phone and the company network. This means that there are multiple vulnerable paths created in the network, which can open doors for hacker’s entry. This is particularly bad news for organizations who though promote BYOD, but do not take steps to secure their data.
Every network source, whether external or internal, needs to be secured. The apps need to be scanned continuously and thoroughly for vulnerabilities and patched. Else these vulnerabilities will act as the entry point for malware and a welcome carpet for cybercriminals. If a hacker gains access to apps and network services on an employee’s mobile, then it’s only a matter of time before the control will be extended to the organizational data as well.
BYOD threats and real and are becoming more dangerous with every passing day. Enterprises should turn their focus on securing their BYOD programs. Vulnerabilities like Heartbleed and Shellshock are rare, but more and more vulnerabilities are emerging every day. A proactive approach for security needs to be practiced if enterprises want to remain a step ahead of hackers and keep their employee and customer data safe.
Founder & Chief Marketing Officer, Indusface
Venky has played multiple roles within Indusface for the past 6 years. Before this, as the CTO @ Indusface, Venky created the product/service offering and technology team from scratch and grew it from ideation to getting initial customers with a proven/validated business model poised for scale. Before joining Indusface, Venky had 10+ years of experience in the security industry and had held various mgmt/leadership roles in Product Development, Professional Services, and Sales @Entrust.