In today’s workforce, the use of personal mobile devices for work has become the norm. This new environment is what we call Bring Your Own Device (BYOD). While these environments provide many benefits to enterprises, such as reduced cost, increased flexibility, and increased employee productivity, they are also accompanied by security concerns, such as introducing unpatched devices into the network and the risk of unauthorized personnel gaining access to these devices. Here are 6 ways you can protect your organization from these BYOD security risks:
1. BYOD AUP: Clearly Define Your Acceptable Use Policy
It is imperative that this is clearly defined and communicated to your employee base, who will be using employee-owned devices for work to access your network. An example of this could be clearly defining applications which are allowed, and which are not, as well as websites users can access while in the company network.
2. Utilize a BYOD Mobile Device Management (MDM) Solution
If you’re considering implementing a BYOD policy, an MDM solution is a must because it provides centralized management of all mobile devices that enter your network. This allows security patching, application management, and updates to be performed on all enrolled mobile devices. Such solutions help decrease the number of potentially vulnerable devices in your network.
3. Provide BYOD End User Awareness Training
While user awareness training is always an important part of keeping enterprises secure, it becomes especially important when utilizing a BYOD policy. This includes enforcing strong passwords on personal devices, data security management, and safe internet habits. This training can be rolled out as often as once a month or at a minimum of once a year based on what makes the most sense for your organization’s culture.
4. Secure Your Network
With a BYOD policy in place, employees will now have the ability to connect personal devices to your network, which means that someone can connect from an unsecured network. According to the security tips from the FCC on wireless and Bluetooth connections, you can combat this by checking the validity of available Wi-Fi hotspots and making sure all websites the user exchanges information with are encrypted. Other ways to secure your network include reducing the risk of unauthorized access to company-sensitive information when a device is lost or stolen. This can be achieved by enabling a multi-factor authentication process within your network and using remote wiping software.
5. Formulate an Employee Transition Plan
When an employee leaves the company, it’s important to have the proper procedures in place to ensure company-sensitive data is removed from their personal devices and network. Ignoring this could increase security risk down the line, including the risk of data loss or theft, targeted phishing campaigns (or spear-phishing), and the risk of retaliation by an ex-employee who could use this corporate data to cause harm to the company. Your plan should include procedures like disabling company emails and changing or disabling access to all company accounts.
6. Mitigate BYOD Risk
Let’s say a compromised host slips through the cracks. It’s important to understand that the steps listed above help reduce the security risks that accompany BYOD; however, it is still possible that these devices could become compromised. Isolating the host, running antivirus scans, and reimaging may all be necessary.
Isolate the Host
Isolate the compromised host and, by following the file path of the infected file, manually remove the malware. You’ll want to inspect load points, where malware is set to run each time a computer starts, and brush up on identifying legitimate objects: the true files under their current names, not imitations.
Second Antivirus Scan
Run a second antivirus scan to ensure the malware has been successfully removed. If it is still detected, you can run the scan outside the normal operating system by rebooting the computer in safe mode. This will hopefully prevent the malware from loading and give you a chance of finding it.
Unit Reimaging
If the malware still hasn’t been successfully removed, a reimage of the unit may be required. Be sure to back up any files that you don’t want to lose on a separate drive.
Infected Artifacts
After these steps are taken, your team should search for the infected file’s artifacts, such as its hash, to ensure no other hosts have been compromised. Indicators of compromise, or evidence of a breach, are usually left in files, images and links.
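The hash search described above, as an added example that is not part of the original article: a Python sweep that hashes every regular file under a directory and reports any whose SHA-256 matches a known-bad hash, so a copy of the infected file is found even after it has been renamed. The function names, the sample files and the sample hash are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def sweep_for_hashes(root, bad_hashes):
    """Return (matches, unreadable) for regular files under root.

    matches: (path, sha256) pairs whose hash is in bad_hashes.
    unreadable: paths that could not be hashed; a skipped file is not a
    clean file, so these need manual follow-up.
    """
    wanted = {h.strip().lower() for h in bad_hashes}  # IoC feeds vary in case
    matches, unreadable = [], []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            try:
                file_hash = sha256_file(path)
            except OSError:
                unreadable.append(path)
                continue
            if file_hash in wanted:
                matches.append((path, file_hash))
    return sorted(matches), sorted(unreadable)

def demo():
    """Constructed sample: the 'infected' artifact copied under a new name."""
    sample = b"constructed sample standing in for the infected file\n"
    ioc = hashlib.sha256(sample).hexdigest().upper()
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Downloads"))
        with open(os.path.join(root, "Downloads", "renamed_copy.bin"), "wb") as f:
            f.write(sample)
        with open(os.path.join(root, "notes.txt"), "wb") as f:
            f.write(b"benign file\n")
        matches, unreadable = sweep_for_hashes(root, [ioc])
        return [os.path.relpath(p, root) for p, _ in matches], unreadable

if __name__ == "__main__":
    print(demo())
```

Run on each enrolled host, the `unreadable` list matters as much as the matches: files the sweep could not open have not been cleared.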
Other Compromised Hosts
If other compromised hosts are found, repeat the scenario on each of these hosts.
By following this incident response process, your team should be able to quickly find and resolve a compromised host.
The traditional workplace is quickly becoming a thing of the past. By following the steps above as mitigation strategies, and by having a streamlined process to manage devices, you can reduce the security risks that accompany a BYOD environment.
Detect and respond to BYOD risks with ReliaQuest GreyMatter
ReliaQuest GreyMatter integrates and normalizes data from disparate technologies including SIEM, EDR, multi-cloud and point tools, on demand, so you always have a unified view to immediately and comprehensively detect and respond to threats from across your environment all within the GreyMatter UI.