How can BYOD be a security risk to your organisation?

James is editor in chief of TechForge Media, with a passion for how technologies influence business and several Mobile World Congress events under his belt. James has interviewed a variety of leading figures in his career, from former Mafia boss Michael Franzese, to Steve Wozniak, and Jean Michel Jarre. James can be found tweeting at @James_T_Bourne.

IT consultant defines the difficulties and solutions to problems of BYOD and why he believes it’s ‘bring your own disaster’ for IT, but how does it compare to other surveys?

James Easton, pre-sales consultant at Real Status, agrees with the view that BYOD, for all its positives in employee happiness and consumerisation of mobility, has the potential to be a security nightmare.

According to Easton, one of the major worries for BYOD adoption is “jumping the perimeter”.

In other words, it’s all well and good having a company security policy in place, but viruses and malware brought into the company on personal devices may not use the perimeter security solution. This may also lead to the bypassing of company firewalls.

Similarly, if there’s a security policy in place it needs to be watertight at all times, therefore Easton advocates patch management, “often underestimated as an afterthought”, to stop new malware slipping through the net.

Easton cites another pretty standard problem – data privacy. The argument that data is vulnerable through human error is a strong one.

UK-centric research from Sophos revealed that 36% of people had lost an electronic device in a public place and, of those 36%, just under half (42%) had no active security measures in place – a free-for-all then, if the device ends up in the wrong hands.

Easton infers that the human element is key. “There are some basic security rules that should be implemented at minimum, but they are all dependent on individual employees being trusted to stick to them all the time,” he said.

Another oft-quoted BYOD problem cited by Easton involves password security, or the lack of it. Easton states that every BYOD device should hold a ‘three strikes and you’re out’ ruling, noting: “Sloppy password control along with lack of encryption can lead to accounts being hijacked and the potential for serious loss”.

Recent Context research on the best tablet for BYOD would appear to back this up. In its appraisal, Context noted that the iPad had an above average level of security for a primarily consumer device, however, the ease with which passwords can be hacked was a danger sign.

The final peril, according to Easton, involves time management – making sure employees’ use of social media or other apps on personal devices wouldn’t contravene a fair use policy on corporate-owned devices.

A recent report from Ovum revealed that nearly 80% of BYOD security isn’t properly managed by IT departments. Is IT therefore taking the risks associated with BYOD for granted? in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam and explore the future of enterprise technology.

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *