BYOD can become the weakest link in corporate security
By Ashwani Mishra, ETCIO.com
Imagine you switch on your smartphone and a text pops up that reads, “You need to pay us an X amount or we will sell your information in the black market. We guarantee that once you make the payment we will restore your services, else we will sell the information and delete all your sensitive data.”
The Bring Your Own Device (BYOD) phenomenon continues to cause big problems for organizations across the board. And despite the heightened awareness of security risks, many organizations still lack a sense of urgency in addressing their mobile security strategy issues.
What’s alarming is the fact that while enterprises in India are spending more on cybersecurity each year, organizations are still not confident of their ability to sense, resist and respond to cyber threats.
A recent Ponemon Institute study surveyed 600 IT and IT security practitioners and found that 84 percent of them are very concerned about malware threats to their mobile applications. In December last year, malware called Gooligan hit the headlines after it was discovered loading unwanted apps onto smartphones as part of a mobile-marketing scam.
Many enterprises have been breached over the past 12 months as the result of an insecure mobile application, and mobile applications are not tested for vulnerabilities, yet businesses are taking few measures to protect their mobile environment.
Improving mobile security posture
The key concern while addressing mobile security issues isn’t necessarily the smartphone, tablet, or laptop – it is the individual user.
Here are some best practices for preparing BYOD policies for your business:
Determine business needs: While adopting BYOD, consider the work culture in the organization and the habits of mobile users. Think about the scenarios where your users prefer to access corporate data on personal devices, and their common habits when accessing sensitive data. It is better to define which on-device applications are mandatory and which are prohibited. Identifying such requirements can help in building a standard structure for BYOD adoption across.
Find the right partner: Look for the right solution partners that can help encrypt your data and protect networks and various endpoints. Have mobile policies like access controls, device backup, etc. in place. Look for solutions that can lock access to a mobile device when it is lost, remotely wipe on-device data, and back up and restore device data.
Education and awareness: Employees need to learn how their actions can have consequences. Focused sessions on corporate data protection and briefings on the latest security threats can prove useful.
As exploits and hacks become more creative, mitigating mobile security threats calls for immediate attention from businesses. Making mobility a standard part of your company’s broader security policy and procedure framework will be critical.