Don’t let BYOD be Bring Your Own Disaster
Bring Your Own Device looks like it’s here to stay. But do you know how to protect yourself against the risks it presents? Cyber security commentator Pete Roythorne has some tips.
Almost anyone who works in IT has complained about BYOD – or Bring Your Own Device – at some point. But what it is, and what it really means for your business’s security, isn’t always clear.
Essentially, BYOD refers to the policy of permitting employees to bring personally owned devices (such as laptops, tablets and smartphones) into the workplace and to use those devices to access company information, applications and networks. It’s also sometimes referred to as the consumerisation of IT.
Many believe the phenomenon was triggered by the first iPhone in 2007 and then really exploded with the iPad in 2010. Prior to that point people were happy (well maybe not happy but didn’t know any different) to use their company-issue PC and BlackBerry.
Now that many are no longer prepared to make do with a standard work device, IT departments find themselves faced with hordes of ‘unregulated’ and ‘unmaintained’ devices wanting access to their networks. Networks that in many cases they’ve spent time, energy and effort securing.
While you may think “I’m just bringing my own device into work, what’s the big issue?”, the reality is that Bring Your Own Device can very quickly become Bring Your Own Disaster. This is because if people are using these devices for work, they’re attaching them to the network and transferring all types of data onto them – from security codes and client details to company correspondence and other confidential information. These devices are then taken home, connected together and goodness knows what else. So important company data can quickly be spread all over a series of devices with no controls whatsoever.
Don’t let BYOD become your Achilles heel
Even if your staff aren’t intentionally engaged in trying to steal your intellectual property, BYOD can lead to your data being distributed across a variety of devices, not owned or controlled by your company. Imagine what would happen if any of those devices were lost or stolen? There’s a big market for retrieving data from lost and stolen devices.
And this is before we get into the problems that can be caused by infected machines being attached to company networks. Individuals don’t always keep their devices updated, patched or even as tidy as work machines. On top of this, there’s little control over the websites they visit, so they could easily be going to compromised websites that are downloading malware unseen onto their devices. Combine that with an unpatched machine and you have a potential security nightmare. Once an infected device is connected to your network, malware will quickly find its way onto your systems.
Protect yourself against BYOD
So how do you avoid disaster? In short, set strict policies and stick to them. You need to make sure you have control over the devices that are attached to your network. Each one used to access company networks, data and applications should be approved before it’s used and access in some circumstances should be limited.
Clear statements – make sure your people know exactly what’s involved when they BYOD and explain the consequences if anything goes wrong
Training programmes – educate your staff with best practice policies to protect themselves and your data
Security compliance – make sure you have all the requisite security measures in place, especially if you’re handling customer data
Insurance – check that you’re fully covered, just in case the worst happens
It may sound like you’re being a killjoy, but the implications to your business of not controlling personal devices should far outweigh any concerns you may have in that department.