By Indusface Research Team

BYOD blog

IDC, a research and analyst firm, predicts that by 2016, 480 million smartphones will be shipped worldwide. An estimated 65 percent of these 480 million phones will be used for BYOD. According to Gartner, “The rise of bring your own device (BYOD) programs is the single most radical shift in the economics of client computing for business since PCs invaded the workplace.” Majority of the organizations will allow BYOD by 2017, and the major objection for BYOD is security. All this proves what?

It’s time to prepare for BYOD.

What is BYOD?

There was a time when an organization’s perimeter ended at PC’s and phones were devices only used for calls and texts. Then portable, easy to carry Laptops emerged, and the company data started seeing the extended world, paving a way out of the company office. Smartphones and tablets added to this revolution and soon a significant amount of data was mobile.

This started the BYOD or Bring Your Own Device practice, referring to the policy of allowing employees to bring their personally owned mobile devices to offices and use them to access privileged company information and applications. And this is where the problem arose. Like it oft happens, security was the last though in BYOD and not a pre-thought and then worked on notion. It became difficult for companies to keep their sensitive data safe, as they could not control what the employees were doing with their own devices, which were also used to access the company data. That is where the need of BYOD security was seen.

And though BYOD is becoming a fast adopted trend in companies, the focus on its security is not paramount. This needs to change.

BYOD and Security

You can love it or hate it, but can’t ignore it. BYOD is here to stay, and rather than overlook it till it comes and pounces on you, it is best to accept this ‘radical shift’ and adapt to it. BYOD is essential for today’s organizations, if they want to show to their employees that they promote and open and friendly environment. Reports have found that employers that allow BYOD expect increase in employee satisfaction and productivity level and are therefore investing in BYOD programs to promote efficiency but securely.

The most common threats faced by organizations encouraging BYOD include loss of the device containing data, unauthorized access to organizational data and resources, data theft, access of infected applications by employees which in turn facilitate malware entry into the system and also compliance and regulatory fines. According to an industry report, the biggest BYOD security concerns for organizations are loss of company or client data (67 %), unauthorized access to company data and systems (57 %) and fear of downloading content or apps with security exploits (47 %).

BYOD threats

Mobile Loss

It happens, things get lost or stolen. This can’t be prevented, but what can be prevented is the loss of data through loss of phone. Keeping your smartphone locked is a necessary precaution that should be taken by your employees. Smartphones can be locked such that, in case of a theft and someone entering the incorrect password more than a preset number of times (3, 5, 7, whatever you want to set), results in the phone wiping out the entire data.

Many antivirus softwares come with features that can help you in tracking your phone’s whereabouts and can also wipe out the entire data with a text message. The good news is, many of these softwares are free.

Basic Security Measures to avoid Security Exploits-Reduce Application Exposure

Security should not be an after-thought but a carefully planned approach. Applications should be developed carefully by coders, trying to minimize presence of vulnerabilities.

Also, enterprises should carefully test any app before letting it enter their ecosystem. Mobile penetration testing helps in in-depth testing of apps for existing vulnerabilities and weak points which can later be exploited. Fixing these vulnerabilities timely can go long way in securing your BYOD programme.

Software updates and patches are crucial-do not ignore them

Ensure that all apps are updated with the latest patches. As soon as vulnerabilities are announced, hackers will race to exploit them (Shellshock vulnerabilities were exploited within matter of hours, post being announced). Make sure, you are one step ahead of them here, and this will help you sleep peacefully.

Do not ignore the possibility of an internal breach

There’s always a chance that some employee will access a safe looking app which will actually be malicious, giving access to all your company data. Threat of an employee stealing company data is also very high, and common.

This can be avoided. Not all company data needs to be accessed by everyone. Keep them password protected and give access only to a limited number of people. Granting permissions only to minimum few and necessary people, helps. Not only is it easier to secure something which only a chosen few have access to, it also means that in case of a breach, the culprit can be caught more easily. Unauthorized access to company data and systems is one of the biggest security concerns for organizations.

In event of a Major Vulnerability being announced, like Shellshock or Heartbleed– do not focus on securing only your external networks but internal as well

Because employees access company data and resources via mobile applications, triggering data exchange between the employee’s phone and the company network. This means that there are multiple vulnerable paths created in the network, which can open doors for hacker’s entry. This is particularly bad news for organizations who though promote BYOD, but do not take steps to secure their data.

Every network source, whether external or internal, needs to be secured. The apps need to be scanned continuously and thoroughly for vulnerabilities and patched. Else these vulnerabilities will act as the entry point for malwares and a welcome carpet for cybercriminals. If a hacker gains access of apps and network services on an employee’s mobile, then it’s only a matter of time before the control will be extended to the organizational data as well.

BYOD threats and real and are becoming more dangerous with every passing day. Enterprises should turn their focus on securing their BYOD programmes. Vulnerabilities like Heartbleed and Shellshock are rare, but more and more vulnerabilities are emerging everyday. A proactive approach for security needs to be practiced, if enterprises want to remain a step ahead of hackers and keep their employee and customer data safe.

Founder & Chief Marketing Officer, Indusface

Venky has played multiple roles within Indusface for the past 6 years. Prior to this, as the CTO @indusface, Venky built the product/service offering and technology team from scratch, and grew it from ideation to getting initial customers with a proven/validated business model poised for scale. Before joining Indusface, Venky had 10+ years of experience in security industry and had held various mgmt/leadership roles in Product Development, Professional Services and Sales @Entrust.