With unemployment low globally and skills shortages in many industries, we’re living in an employee’s job market. Additionally, the new generation entering the workforce expects to be engaged and appreciated at higher levels. A digital workplace strategy can help differentiate your company and appeal to top talent. Still, it’s important not to overlook cybersecurity considerations for securing a ‘bring your own device’ (BYOD) workplace.
The Drive for BYOD Workplaces
Globally, workers are confident in the job market. In December 2017, more U.S. workers quit their jobs than at any time in the past 16 years. The Bureau of Labor Statistics reported 3.259 million workers voluntarily quit their jobs. The last time that many workers quit was in January 2001, during the dot-com bubble.
Companies that develop a digital workplace “are increasing their organization’s overall performance—and competitive differentiation,” according to a Forbes Insight survey of 2,000+ CIOs and frontline employees.
The research suggested “boosting individual access to the business apps employees need, when they need them,” helps:
- Ease experimentation and drive faster innovation
- Leverage self-service as the progressive engagement model for employees
- Deliver outstanding consumer-like experiences.
Using personal devices for work activities saves employees 58 minutes each day, providing a 34% increase in productivity. — Frost & Sullivan for Samsung
At the same time, enterprise mobility reduces hardware cost and can increase smartphone penetration, which can mean employees are working on more cutting-edge, energy-efficient devices. Cisco research suggests companies with a BYOD policy save an average of $350 per year, per employee.
No wonder the BYOD and enterprise mobility market is estimated to grow from USD 35.10 billion in 2016 to USD 73.30 billion by 2021, at a CAGR of 15.87%.
Further, employees in BYOD workplaces, compared to employees at traditional organizations, were also 5x more likely to report increased personal productivity and almost 4x more likely to say their companies are more desirable places to work, per Forbes Insight.
With so many benefits, it’s not surprising that as of 2016, six out of 10 companies had a BYOD-friendly policy in place, according to Syntonic. The question is whether or not all of these organizations are aware of the risks associated with the BYOD workplace.
Ensuring ‘Bring Your Own Device’ Security
There are several new challenges for IT in a workplace with a BYOD policy in place. For one, the number of devices IT is supporting can jump dramatically. This means the tech team:
- Has to learn many new devices to provide support
- Faces increased support demands as the mobile-enabled employees work wherever they are, whenever they want
- Relies on users’ discretion to not download malicious applications that can compromise the phone and leak sensitive company data to cyberattackers.
Then there’s the issue of people losing stuff. It happens to the best of us. If an employee loses their BYOD device though, that loss poses a big security risk. Yes, that device will have had some basic form of protection at least — PINs, swipe codes, and fingerprint scans. But a dedicated hacker can find a way in if they are motivated enough.
BYOD Loss Precautions:
- Establish strict policies for securing devices accessing business networks
- Communicate reporting procedures for the loss/theft of a device
- Enable mobile monitoring and management of all BYO devices to give IT the ability to access and erase the errant device
- Regularly back up mobile devices.
Then, there’s the loss of the employee to deal with. When a worker leaves the organization with the personal device that has been accessing the company’s network and applications, this represents a security threat too. The former employee could leave with the ability to gain unauthorized access to systems after they’re gone.
Employee Loss/Termination Precautions:
- Have an exit procedure in place to wipe devices clean of company passwords and information.
Even when employees remain on payroll and loyal to the organization, their use of their personal devices can cause concern. For one, they may lack the most up-to-date firewall or anti-virus software on their devices. Or, they could inadvertently download an application from a disreputable site. Particularly common is the individual’s tendency to access unsecured Wi-Fi. These networks (think coffee shops or airports) can provide hackers with easy access to company systems or networks.
BYOD Network And Device Precautions:
- Educate employees to regularly update firewall and anti-virus software
- Prohibit third-party apps and whitelist only known apps
- Set devices to prompt users before connecting to networks so they are aware they may be connecting to unsafe networks
- Turn off Wi-Fi and Bluetooth connectivity
- Allow employees only to connect their devices to trusted networks.
Another threat in the BYOD environment is the move towards near-field communications (think of that ad with the NFL player buying sodas for teammates with a wave of his phone). This tech also lets users communicate with other similar devices within range. There are reported threats that can force the user’s phone to load content without the user’s interaction.
In a simple proximity attack scenario, the attacker forces a device laden with corporate data to browse to a site offering a malicious payload, which could lead to a potentially devastating loss of proprietary data and intellectual property. Regrettably, we’re relying on device manufacturers to take precautionary measures in this case (such as enabling users to customize their NFC security settings). In the meantime, you might assist users in optimizing their access control and app permission settings so that each application can access only what it needs to function and nothing more.
Before implementing a BYOD policy in your workplace, establish clear guidelines, and educate your employees. RedTeam Security Consulting can help your business develop a secure environment. Through penetration testing and social engineering testing, our experts can also help gauge your susceptibility to mobile device and other cybersecurity threats.