360 Degree Cyber Security, LLC

Tag Archive: BYOD

BYOD Pt 2. The threat vector

As I mentioned in my last post, bringing your own device (BYOD) provides a benefit to businesses that need work done but don’t have the money to purchase the equipment.  But there was a caveat: that benefit must be weighed against the risk the business assumes by allowing BYOD.

Second to the business’s employees, the most valuable asset a company has is its information and the information it processes.  This information is what is at risk if there happens to be a vulnerability that is exploited (intentionally or unintentionally) by an employee or another person who gets their hands on the device.

Some threats that pose dangers to your data are:

1. Malware/Viruses/Spyware.  Introduction of malware, viruses, and spyware into the company IT infrastructure could have a crippling effect on your business.  The latest malware, also known as ransomware, encrypts the data on the user’s device and thereby prevents the user from gaining access to the files needed.  If a BYOD user gets hit with ransomware while connected to the business’ files, the business may be out of luck.

2. Lost/Stolen device. Perhaps the largest threat.  The Veteran’s Administration is no stranger to lost portable electronic devices.  In 2006 they lost a single laptop that contained a significant amount of information about U.S. veterans.  It has not only happened to the Veteran’s Administration but also to car manufacturers, HR recruiting companies, etc.  Once the device is lost, the data is potentially forever lost and possibly compromised.

3. Rooted devices.  Device manufacturers go to great lengths to ensure some level of security on the devices they sell.  But there are people who want more access to the inner workings of the device.  These super power users inadvertently open their devices to being easier targets for malware and misbehaving applications.

4. Outdated software. Numerous times each week, updates and patches to software applications are released to fix flaws within the application that not only affect how the application works, but also affect the security of the device and data.

5. Open WiFi.  In this day and age, most people want to be able to connect anywhere at any time.  Look at all the places that offer free or pay WiFi… airports, coffee shops, stores, restaurants, just about anywhere you go.  When connecting to these WiFi sources, the connections are typically unprotected.  Another person at the same coffee shop could snoop on the mobile device’s traffic and get all sorts of information.  Maybe even get into the computer.

6. Unlocked devices.  Locking the device provides a minimal measure of security.  This prevents people from picking up the device and scrolling through documents, emails, or other files related to your business.  It is a simple mechanism, but is often not implemented.

This is just a summary of some of the larger threats associated with BYOD.  In my next blog entry, we will look at what can be done to protect a business while still implementing BYOD.

Until then… Think twice and perform a cyber 360.

BYOD – Bring your own what????

What is BYOD?  Sounds like something illegal that you might bring to a party.  However, this is not that type of D.

BYOD is “Bring Your Own Device.”  More and more companies and businesses are considering the use of BYOD as it is a method of reducing the amount of money spent on equipment.  Think about it, you don’t need to provide a workstation to the employee because they are going to use their own laptop, tablet or mobile device.

Kind of like not having to buy an ambulance or an engine since the first responder has their own gear and responds to the scene of the emergency.  Think of all the money we would save if we used the first responders’ personal vehicles.  Does not make sense.  The vehicle will likely not have all the necessary equipment.  Particularly true when you need several hundred gallons of water.

Well, it partially makes sense; what is needed is the middle ground with certain protections in place.

BYOD works well in small businesses that can’t afford the overhead of providing workstations to each employee.  With more and more cloud-enabled software (Google Apps for Business/Education/Non-Profit, Microsoft Azure and Office, etc.), employees can get the work done if they simply connect to the Internet.  The cloud allows for access to company resources in a protected manner, but only to resources the company allows, which should be measured against the sensitivity and requirements of the job.

Most jurisdictions don’t allow EMTs and paramedics to run around with medication in their own personal vehicles, yet there are times when the knowledge they possess lets them put in place an intervention that saves someone’s life without the use of medications.  Likewise, in the business environment there may be times where working on certain projects requires work be done on personally owned equipment and other times where work must be performed in the office on company-owned IT equipment.

So it is a balance.  In my next blog, I will go into ways of protecting your data when using BYOD.

Think twice and perform a cyber 360.

Special shout out to fellow EMS professionals for EMS week.