BYOD culture means we’re increasingly receiving emails outside work hours and accessing company data on the go. Cost effective and flexible it may be, but employees’ mobile habits could be leaving your company open to cyber-attack, says Paul Jarrett, managing director of digital agency Sonin
The number of workers using their personal devices for work purposes, a trend we call ‘bring your own device’ (BYOD), has been estimated at anywhere between 67 and 95 per cent. Employees are checking email on the go and accessing CRM software outside the office, all on their own devices. The line between using mobile for personal and work tasks is blurring fast.
In short, BYOD presents huge benefits, and we know that companies embracing it are seeing a significant increase in productivity, clearer business activity and reduced infrastructure costs. Naturally, employees are already accustomed to using their own devices, making it easy to complete tasks anywhere at any time with minimal effort.
The downside… cyber-criminals are aware of this trend and are increasingly using employee mobile devices as a gateway to attack companies, both large and small.
As mobiles were initially consumer products, they have very little security built in, making it much easier to spread malware via them rather than desktop computers. An unsecured device that accesses a company network creates an open door for hackers to access your core systems.
I often have conversations around mobile security, and find that many business owners aren’t aware of their employee’s mobile usage, and don’t understand the security risk a BYOD policy may carry. This is particularly so when staff are acting on their own initiative to use mobiles for work, rather than following a company BYOD policy.
This gives hackers the ideal opportunity to access confidential data in your core system and pursue a cyber-attack. So, regardless of the size or sector of your company, having an understanding of how employees interact with their mobiles is key.
The most efficient and effective way to protect your business from a mobile attack is to simply manage your systems, not the devices. By ensuring your systems have the relevant security settings you can make them “device risk-aware”, restricting certain functionalities, removing sensitive data and preventing access to the enterprise resources.
As long as you understand your employees’ interactions with their mobiles, assess the specific risks your business faces and identify the data you wish to protect, you can make the necessary steps to reduce security risks. That could mean introducing a BYOD policy, changing your security settings, protecting your core systems and putting an application program interface (API) in place.
BYOD policies can be one of the great gains of the modern workplace. But if they’re not properly protected, they could turn into an even greater loss.
For more on a secure BYOD policy