360 Degree Cyber Security, LLC

Tag Archive:Stolen Device

BYOD Pt 2. The threat vector

As I mentioned in my last post, bringing your own device (BYOD) provides a benefit to businesses that need work done, but don’t have the money to purchase the equipment.  But there was a caveat, that benefit must be weighed against the risk the business assumes by allowing BYOD.

Second to the businesses employees, the most valuable asset a company has is their information and the information they process.  This information is what is at risk if there happens to be vulnerability that is exploited (intentionally or unintentionally) by an employee or other person that gets there hands on the device.

Some threats that pose dangers to your data is

1. Malware/Viruses/Spyware.  Introduction of malware, viruses, and spyware into the company IT infrastructure could have a crippling effect on your business.  The latest malware also known as ransomware encrypts the data on the users device and there by prevents the user from gaining access to the files needed.  If a BYOD user gets hit with ransomware while connected to the business’ files, the business may be out of luck.

2. Lost/Stolen device. Perhaps the largest threat.  The Veteran’s Administration is no stranger to lost portable electronic devices.  In 2006 they lost a single laptop that contained a significant amount of information about U.S. veterans.  It has not only happened to the Veteran’s Administration but also to car manufacturers, HR recruiting companies, etc.  Once the device is lost, the data is potentially forever lost and possibly compromised.

3. Rooted devices.  Device manufacturers go to great lengths to ensure some level of security on the devices they sell.  But there are people that want more access to the inner workings of the device.  The super power users inadvertently open their device to being an easier target for malware and misbehaving applications.

4. Outdated software. Numerous times each week, updates and patches to software applications are released to fix flaws within the application that not only affect how the application works, but also affect the security of the device and data.

5. Open WiFi.  In this day and age, most are desiring the ability to be able to connect anywhere at anytime.  Look at all the places that offer free or pay WiFi… airport, coffee shops, stores, restaurants, just about anywhere you go.  When connecting to these WiFi sources, the connections are typically unprotected.  Another person at the same coffee shop could snoop on the mobile device’s traffic and get all sorts of information.  Maybe even get into the computer.

6. Unlocked devices.  Locking the device provides a minimal measure of security.  This prevents people from picking up the device and scrolling through documents, emails, or other files related to your business.  It is a simple mechanism, but is often not implemented.

This just a summary of some of the larger threats associated with BYOD.  In my next blog entry, we will look at what can be done to protect a business while still implementing BYOD.

Until then… Think twice and perform a cyber 360.