BYOD, or bring-your-own-device, had been a buzzword in the enterprise and small business community since the mid 2000s. When smartphones and tablets came into fashion, not all businesses were ready to spend for their employees’ device needs. Recognizing the productivity benefits of mobility, many businesses adopted a BYOD approach to digital devices, in order to encourage better collaboration and productive work even beyond the confines of an office desk.
Fast forward more than a decade later, BYOD is still an effective means to promote productivity amid an increasingly mobile and remote workforce. According to recent report by Gallup, at least 43 percent of workers in the US alone have spent some time working remotely. In addition, the rate of BYOD adoption among businesses was estimated at 36 percent at the start of 2017; this is set to grow to 50 percent by the start of next year.
However, BYOD is a double-edged sword, and some businesses may already have BYOD fatigue due to the challenges in ensuring the security and integrity of data, especially with the use of personal devices for accessing business or enterprise data.
When employees have a mixed use of their devices for both business and personal purposes, there is an increased risk of inadvertently accessing malware. In addition, they might also be vulnerable to social engineering attacks, causing them to inadvertently hand over valuable access credentials to hackers.
According to recent figures, 39 percent of businesses that use a BYOD deployment have encountered malware within their networks, and 35 percent have not done security checks or countermeasures on their employees’ devices. And for those that have fallen victim to attacks, data theft and unauthorized access to systems have been cited as the biggest problems encountered so far.
For any business with a BYOD policy, these three strategies can help in ensuring the integrity of data.
The prevalence of the cloud means that many applications and solutions now run through an as-a-service model. Collaboration apps, office solutions, messaging, project management, and even timekeeping applications are now available as mobile or web-based apps. All an employee has to do is access these through his or her smartphone, tablet, or laptop. Employees can access their data and work from virtually anywhere – their office desk, factory floor, coffee shop, or home.
As a corollary, most businesses would have their applications, databases, and collaboration solutions on the cloud, as well. Unfortunately, this openness also means bigger potential vulnerability, in terms of attack vectors and sources of data leaks.
One potential strategy to deploy is the firewall-as-a-service or FWaaS, which essentially entails delivering firewall and network security capabilities through a cloud-based approach. This negates the need for a physical firewall appliance or deployment of firewall software on an on-premises server.
Cato Networks, which runs its FWaaS through its existing global cloud infrastructure, works on the premise that the cloud has significant advantage over appliance-based deployments. First, the distributed nature of a cloud firewall means that businesses need not deploy a firewall at each location or office – even remote workers are automatically covered. Secondly, there is no need for manual upgrading on the part of IT departments. Third, overall policy management can be done centrally, but applied globally.
By running its firewall on the cloud, Cato Networks also lets administrators have full visibility over their deployments, wherein all internet and wide-area-network traffic can be scrutinized and protected. This also means better scalability, which is essential for any business focusing on an agile approach.
One often overlooked aspect of digital security is the “people” aspect to it. Businesses should not forget that individual users are often targeted and vulnerable to phishing scams and the like.
In addition, workers might sometimes be oblivious to their responsibility in ensuring the security and integrity of data. Many would access social networking apps from within the corporate network, and some workers even conduct their collaboration through public solutions like Facebook Messenger or WhatsApp.
It’s important to define what employees can and cannot do with the business data. It is also important to adequately train everyone on the proper use of such information. For example, this can include exchanging files and documents only on secure and encrypted platforms.
Messaging applications like WhatsApp and Telegram, for instance, encrypt communications while at rest and in-transit, which could prove useful when communicating outside of the organization. For collaboration, Slack also promises encryption with both free and paid services, and it is an incredibly popular collaboration app among startups and enterprises.
Also advise employees against using unsecured networks. Data can be retrieved from smartphones and laptops that connect through unencrypted Wi-Fi access points, for example. And one other serious concern is the loss of a device.
Security is not just about preventing malicious agents from stealing data and wreaking havoc on systems. It is also about educating valid users about good security practices, so they don’t fall victim to scams, phishing attacks, or even stupid slipups.
One of the biggest concerns about BYOD is the perceived lack of control over the data stored on devices. Case in point: When a laptop or smartphone is lost or stolen, unscrupulous individuals could steal the data from within. Even with strong passwords, an unencrypted device can be reverse-engineered, and data from its hard drive could be retrieved.
For this purpose, businesses should address the vulnerability by enforcing remote controls. For example, enterprise-grade deployments of popular email solutions like Office 365 would include a remote-wipe capability, wherein an employer or administrator can remotely delete data stored on users’ phones when necessary. This usually applies only to business or enterprise data stored on certain applications, although by practice, administrators could still remotely reset or wipe an entire device as necessary.
This comes with certain privacy concerns, however, especially in terms of the business violating the Electronics Communication Privacy Act. However, there is precedence that such remote-wipe is not considered an infringement of an individual’s right to communications privacy.
For any business, security breaches can be a costly affair, hence the importance of having a security strategy that fits one’s business. With the growing prevalence of cloud-based applications, mobile devices, and decentralized applications, this strategy should likewise entail the use of applications that are more attuned to these new technologies.