By Andreas Baumhof, chief technology officer at ThreatMetrix
Consumers’ fascination with the latest technological gadgetry is changing the way we work as bring-your-own-device (BYOD) behaviors continue to transform the workplace. Armed with smartphones, tablets and other devices, employees are using personal technologies to improve productivity and extend work activities beyond the physical confines of the office.
In the coming months, BYOD will present even greater opportunities for workers and employers. But despite the well-publicized risks of BYOD, many employers have failed to implement appropriate policies and controls — an oversight that has serious cybersecurity implications for businesses and consumers in 2014.
The BYOD Threat In 2014
Mobile technology is more popular than ever. Gartner analysts estimated mobile phone sales reached 1.81 billion by the end of 2013, with tablet shipments totaling 184 million. In record numbers, workers are equipping themselves with powerful mobile technologies that can be used for both personal and work purposes.
Yet according to a 2013 ThreatMetrix study, 15 percent of companies have no BYOD policies in their workplaces. Without robust BYOD policies, businesses are exposed to a wide range of security threats since employees can download infected applications to their personal devices and unknowingly spread malware to corporate networks and servers.
The Landscape Is Changing
BYOD has always lived in this “void” between corporate aspiration to control everything and consumers’ desire to do anything. Even the earlier BYOD policies focused very much on control. Since then, many BYOD policies adopted a more coherent way of looking at what’s good for the company and what’s good for the consumer. One example is that the focus is much less on control, but much rather on the data and information itself. Rather than restricting what one can do with the mobile device, the focus is around what data can be accessed under what circumstances and what context.
One thing is clear: this has the very real risk of disclosing sensitive information and damage customer relationships to loss of service, so the risks need to be mitigated properly.
Managing BYOD Risks
The prevalence of BYOD technologies in the workplace underscores the importance of implementing policies and solutions designed to protect the integrity of your organization’s IT ecosystem. Although no single solution can completely insulate your business from BYOD risks, a combination of strategies can significantly improve your ability to leverage BYOD for business advantage.
The first step toward improving workplace cybersecurity is to identify and evaluate the various applications and access points that are affected by BYOD devices. It’s critical to determine the applications and data that can be accessed remotely by your employees’ personal devices, and to evaluate existing measures that ensure those devices are free from malware or other threats.
After you have identified the various ways personal devices are being used to access corporate applications, the next step is to implement controls and policies around the use of BYOD in the workplace. Although BYOD policies and controls can be wide-ranging, it’s important to address the use of anti-virus software, anti-malware scanning, password policies, software updates, multi-factor authentication and other strategies to improve the security of servers and data.
The creation of BYOD policies and controls is a good start, but it isn’t enough. By automating policy enforcement with client-side verifications and the real-time monitoring of device connections (to identify malware), you can prevent infections and ensure the consistent application of BYOD controls throughout your organization.
Device identification technologies protect corporate applications and data from fraudsters posing as employees or other legitimate users. Strong device identification solutions improve BYOD security by spotting suspicious devices known to belong to bots or cybercriminals.
Employee education and periodic reviews of trending threats are important components of a well-rounded BYOD program. Educate workers about the risks posed by personal devices and maintain company-wide awareness of the latest threats to continuously improve IT security.
The threats associated with BYOD are real, but eliminating the use of personal devices isn’t a realistic option for most companies. By carefully considering the use of personal devices in your organization and implementing appropriate controls, you can continue to enjoy the productivity gains BYOD delivers — without jeopardizing the security of your applications or data.
Andreas Baumhof is Chief Technology Officer at ThreatMetrix, a provider of integrated cybercrime prevention solutions. Baumhof is an internationally renowned cybersecurity thought leader and expert with deep experience in the encryption, PKI, malware and phishing markets.