Article | April 30, 2014

Bring Your Own Device – Friend Or Foe?


Submitted by F-Secure

Do you know if your workforce is using BYOD? You can start by asking the following questions:

  • Do they ever take weekend work calls on their own smartphone?
  • Does anyone open work documents sent to personal emails on their home laptop or access webmail on a personal tablet?

Answer yes to any of these questions and your workforce has embraced BYOD without you even knowing it.

In businesses where BYOD isn’t openly discussed, actively encouraged or banned, there is simply no way of knowing the actual or potential impact this phenomena could have on your business. Whether a small startup or multi-national, it is not outrageous to suggest that your company is a BYOD adopter – you might just not know it.

Where the real danger lies is in this BYOD blindness. Mobile devices are facing unprecedented levels and varieties of attack. Our latest mobile threat report showed that Android is a hot target for malware, with 79 per cent of all mobile threats attacking the world's most popular OS.

Considering nearly 75 per cent of smart devices worldwide relying on Android, the smartphone in your employees’ hands could, without the right security measures, be a ticking time bomb.

The average small business also needs to take this threat seriously – according to Verizon Data Breach report, 79% of victims are target of opportunity. How would your customers feel if an unsecured device led to their contact details being shared with criminals, or a sensitive deal was unveiled before your investors were ready to go public?

Once you have come to terms with the fact that you may be blinkered to the extent of your own BYOD deployment, the next step is to tackle the problem head on. But where to start?

Firstly, take a stand. Evaluate the risk to your business of a BYOD breach. Whether malware attack, a lost or stolen device or deliberate hacking, decide whether the data at risk is so sensitive that you have to out and out ban work activity on personally owned devices. It may not be popular and may be hard to police, but is a stand that some sectors have already taken, for example the banking sector.

Regardless of whether you choose to allow BYOD or only company-owned devices, it's imperative to have at least the basics of mobile security installed and up to date. This includes anti-virus and anti-theft solutions but can encompass further, far-reaching device management options too. For example, the ability to lock and wipe a lost device remotely is an invaluable tool. A solution to protect virtual desktops will give added security.

Secondly, as already suggested by Sean Sullivan as well, educate. Whatever stand you take, make sure your employees know what is and isn’t acceptable and the potential consequences of breaching this policy. Create a policy document and stick to it.

BYOD isn’t a trend, or just another buzzword. It’s here to stay and it is already making an impact on your business, just make sure it isn’t a negative one.

Based on an original article by Allen Scott, managing director UK & Ireland at F-Secure, published at Huffington Post