Bring Your Own Device, Build Your Data Security
Oct 20, 2016
Why Is BYOD Security Relevant?
In 2015, about 53 million Americans were employed as freelancers, just over a third of the entire US workforce. By 2020, the number is expected to rise to half. Hiring skilled labor on demand allows companies to operate more flexibly and lowers overhead when skills are needed infrequently or for special cases.
Freelance labor isn’t the only environment where BYOD practices rule. Small businesses may lack the resources needed to standardize, and large businesses may make their work environments more appealing by allowing employees to work on familiar devices, work from home with personal devices, or work remotely on whatever devices are most portable.
Why Is BYOD Security Complex?
BYOD practices mean opening up corporate data systems to devices with a wide range of operating systems, plugins, applications, browsers, and vulnerabilities. Users may have outdated versions of browsers and other software, or may unknowingly be running systems contaminated with sniffers or viruses. Earlier this year, Net Applications reported that over a third of Internet Explorer users ran outdated versions that are no longer supported by Microsoft, meaning that as security vulnerabilities are discovered, they remain unpatched.
BYOD practices concentrate data vulnerabilities on the user’s end, which is the end most difficult to control on the IT side. While stolen user credentials, whether obtained through phishing, social engineering scams, or brute-force password-breaking attempts, have always been a significant threat, targeting vulnerabilities in systems used in a BYOD environment is a large and growing threat as well.
How Is BYOD Security Implemented?
There are a couple of golden principles to keep in mind in a BYOD environment.
- Authentication needs to be strong. User credentials can be stolen, and devices with persistent sessions can be left unattended and stolen or used without the owner’s knowledge. Passwords are also frequently shared between multiple applications for a given user. Implementing rigorous password criteria, requiring passwords to change, logging users out of sessions after a period of inactivity, and using a two-factor authentication system can help a company ensure that the people accessing their systems are the ones who need to be there.
- Devices need to be managed for risk. Even when the devices aren’t owned by a company or standardized by the IT department, the IT department needs to have a certain amount of visibility into the devices of all employees, whether they’re full-time, contract, or freelance. This visibility allows a company to make risk-based decisions on access, and limit or deny access to devices with known security vulnerabilities.
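The two principles above can be combined into a single access decision. The sketch below is an added example, not code from the original article: the `DevicePosture` and `Session` fields, the 15-minute idle timeout, and the minimum browser versions are all constructed assumptions that a real deployment would take from its identity provider and device inventory.

```python
from dataclasses import dataclass

# Assumed policy values, constructed for illustration (not from the article).
IDLE_TIMEOUT_SECONDS = 15 * 60
# Lowest browser major version treated as still patched (constructed sample data).
MIN_SUPPORTED_BROWSER = {"internet explorer": 11, "chrome": 54, "firefox": 49}

@dataclass
class DevicePosture:
    browser: str
    browser_major: int
    os_patched: bool        # OS security updates are applied
    malware_detected: bool  # result reported by an endpoint scan

@dataclass
class Session:
    mfa_passed: bool
    idle_seconds: int

def access_decision(device: DevicePosture, session: Session):
    """Return (decision, reasons); decision is 'allow', 'limit' or 'deny'."""
    # Principle 1: strong authentication. Failures here deny outright.
    if not session.mfa_passed:
        return "deny", ["second factor not completed"]
    if session.idle_seconds >= IDLE_TIMEOUT_SECONDS:
        return "deny", ["session idle too long, re-authentication required"]
    # Principle 2: manage devices for risk. Active compromise denies,
    # known-vulnerable software limits access (e.g. to low-sensitivity apps).
    if device.malware_detected:
        return "deny", ["device reports malware"]
    reasons = []
    minimum = MIN_SUPPORTED_BROWSER.get(device.browser.lower())
    if minimum is None:
        reasons.append(f"{device.browser} is not in the managed browser list")
    elif device.browser_major < minimum:
        reasons.append(f"{device.browser} {device.browser_major} is unsupported")
    if not device.os_patched:
        reasons.append("operating system is missing security updates")
    return ("limit" if reasons else "allow"), reasons

if __name__ == "__main__":
    # Constructed sample devices: a freelancer laptop and a current one.
    fresh = Session(mfa_passed=True, idle_seconds=60)
    for dev in (DevicePosture("Internet Explorer", 8, True, False),
                DevicePosture("Chrome", 54, True, False)):
        print(dev.browser, dev.browser_major, access_decision(dev, fresh))
```

Returning the reasons alongside the decision lets IT tell the device owner exactly what to update to regain full access.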
What Is the Takeaway?
BYOD policies can increase flexibility, add opportunities for employees to work from home or on the road, and increase employee comfort, but they come with risk. Even so, running a BYOD workplace doesn’t mean surrendering control of data security. By working with employees to strengthen authentication and keep all connected devices in good health, companies can harness the best of both worlds.
To learn more about managing data security, get in touch with QOS Networks today.