Bring your own device (BYOD) policies are commonplace in many organizations today. Employees bring in their personal cell phones, laptops, tablets and other mobile devices and use them to content to corporate networks. Additionally, employees regularly use personal computers and other devices not owned by the organization to work at home or on the road.
Unfortunately, BYOD can be risky for organizations that do not implement adequate security controls. Personal devices that aren’t properly managed by the company often have inconsistent security controls implemented on them. For example, one device may lockout after three minutes of idle activity and require a complex password, while another may not even require a password to log on. However, both devices may be used to access sensitive or critical business data. For organizations that lack strong and consistent security controls, BYOD can easily turn into a security nightmare. Here’s a quick list of steps you can take to create a BYOD policy that will protect your business data:
- Establishing a policy that governs how BYOD devices can connect to and use organizational systems, how they should be backed up, and which security settings should be in place.
- Configure devices to connect to network resources over a transparent virtual private network.
- Gain greater control over mobile devices with a Mobile Device Management (MDM) solution. MDM solutions allow for more consistent security settings to be applied to devices. For example, applications can be whitelisted or blacklisted, BYOD devices can be geofenced, and jailbroken phones can be banned from connecting to networks or data stores.
BYOD and the ransomware threat
A large percentage of BYOD devices are mobile phones or tablets that are susceptible to some forms of ransomware. Mobile ransomware viruses often masquerade as enticing applications such as POGO Tear, which pretends to be a Pokemon Go application; Android defender, a bogus antivirus app; Charger, a fake battery management app; Lockdroid, a counterfeit Google Android update package; and Lockscreen, a deceptive Android lock screen app. Some mobile devices have been found to have malware pre-installed on them. The owners of those devices did not need to download a fake app. They were infected the moment they powered up the new device.
The good news is that mobile data is often easy to restore if appropriate backups have been taken off the phone or tablet. The bad news is that an infection may not be limited to your device. Worms may propagate through mobile email clients to your contacts. Additionally, some malware may infect a mobile device and then be transmitted to a computer when the device is connected for charging or data exchange.
Protect yourself by keeping your mobile operating systems and apps up to date. Consider a mobile firewall, mobile antivirus solution, and make sure you back up your device. Other BYOD devices such as laptops should be equipped with endpoint protection software, secure and up-to-date operating systems, and they should be backed up regularly.