The minefield of BYOD

By Murray Goodman, 10 August 2014

The consumerisation of IT has led to increased use of personal devices in the workplace. The proliferation of these devices is fuelled by tech-savvy workers and younger generations entering the workforce.

This can be a minefield for businesses, and opinion is split on the benefit of BYOD (Bring Your Own Device), with many companies struggling to manage the complex issues that it brings.

Anticipated business benefits of BYOD include improved efficiency, productivity gains and a more mobile workforce. Increased job satisfaction, and the employee rather than the employer shelling out for the cost of the latest device, are also benefits. Some organisations forecast reduced cost through less need to troubleshoot device-related IT issues, as many are resolved by the user. These savings may, however, be offset by the increased overhead of managing the BYOD environment.

Employees benefit from using the device of their choice rather than the one chosen for them by their employer. For users this means having a single device to manage rather than two. Therein lies the problem: the same device is now being used for business and personal use, and maybe by the kids when at home.

BYOD therefore brings with it two major management headaches – security and how to account for personal vs legitimate business use.

Google ‘lost phones’ and you will find a number of frightening statistics: US$30 billion worth of mobile phones were lost in the U.S. alone last year. That’s about one every 3.5 seconds – a major inconvenience for individuals, but a major security risk for business. Does your business have a security procedure for mobile devices that includes a lockdown in the event of a lost or stolen phone?

According to a survey by data security firm Sophos, 22 per cent of respondents have lost their phones and 70 per cent didn’t use password protection. Apple has an app called ‘Find My iPhone’ that enables users or business administrators to remotely lock the phone, reset its password and wipe its data. Android has a similar feature. These features reduce the risk of losing valuable company information in the event of a lost device. In addition, many large companies that embrace BYOD have the following in place to manage risk: an employee code of conduct, some sort of security, and a management framework to ensure security policies and procedures are kept up to date and in line with employee use and security trends.

The need for security extends beyond being able to secure the actual device should it be lost or stolen. The ubiquity of mobile devices and the ability of users to access the internet from almost anywhere mean mobile users are becoming more attractive targets for cybercriminals.

According to Blue Coat’s 2013 Mobile Malware Report, mobile threats are still largely mischief-ware focused on texting scams or stealing personal information. The most successful mobile malware tactics are the same scams, spam and phishing that dominated the threat landscape when malware first moved to the web. However, mobile users tend to access more personal and recreational types of applications during everyday use than the typical desktop user, which means that malware is now targeting these sorts of applications.

Best practice is therefore to enforce security uniformly across your network and extend this to mobile devices. Blue Coat calls this ‘closing the mobile app gap on your network’.

BYOD is a complex and growing trend for businesses, and is an issue and responsibility for business and end users alike. Companies that can securely manage mobile devices could gain a competitive advantage through more productive employees. Failure to do this risks security breaches, lost productivity and the cost to remedy them.

The fine line that businesses must walk is how to best implement mobile security without being seen as intrusive or restrictive by end users. There is a high expectation that businesses should provide or at least enable the right tools and technology for employees to do their job. If employers fail to deliver this or are slow to respond, you can be sure employees won’t hesitate to bring in and use the device they feel they need to do the job.