BYOD: Insiders Attack
I asked a group of my peers at a recent meeting about their top technology challenge. Essentially, "What kept them up at night?" I expected a series of responses, but was surprised when everyone echoed the same issue: the rise of BYOD – Bringing Your Own Device to work.
It was not long ago when employers equipped their employees with the tools. But the rise in consumer technology and a shift by manufacturers like Apple to cater to consumers first is changing the technological environment at work. More – and most – employees are bringing a variety of devices to work – from smartphones to tablets and often connecting to the network to get their emails, calendar and other information. Yes, it is the sign of the times.
So, why does it matter? The widespread use of mobile devices in the corporate setting poses a serious security threat for organizations. With the push of a button or two, someone can gain access to your email account – or even worse, the organization's network. In my case, like many leaders, that could mean the company's financial information.
The truth is that the majority of security breaches at organizations happen from the inside – unintentionally. An employee brings his mobile device from home, plugs into the network and unknowingly infects the system with a virus he got from opening a personal email. Studies show that more than 80 percent of security breaches are caused by insiders and one-third of companies face more than five insider attacks a year.
Here are a couple of steps organizations can take to reduce the vulnerability of their network – and their bottom line:
1.) Require PINs on all mobile devices. Marco is implementing a policy right now that forces all employees to enter a personal identification code before they can connect to the network from their mobile devices for personal or professional use. The technical change to our network was easily rolled out and did not cost us anything. We learned that not all devices are created equal and it is more difficult to manage security on devices with open operating systems like Androids.
2.) Implement Mobile Device Access Control (MDAC). This is designed to control network access and bandwidth for employee-owned mobile devices, including smartphones and tablets. This goes beyond password protection by preventing network access until the devices complies with a pre-established list of criteria. That typically includes a certain anti-virus protection level and having the most recent system updates and patches. With MDAC, organizations also can redirect users to self-registration portals, block usage of certain applications and control bandwidth usage by the type of device.
I recommend every organization implements No. 1. While it will take some adjustment, I believe access control-related technology is fast becoming the new standard in the workplace. Certainly, the increase of mobile devices – and our dependence on them – isn't going to change, and the data and applications on them will only grow.