In today’s workforce, the use of personal mobile devices for work has become the norm. This new environment is what we call Bring Your Own Device (BYOD). While BYOD environments provide many benefits to enterprises such as reduced cost, increased flexibility, and increased employee productivity, they are also accompanied with security concerns, such as introducing unpatched devices into the network and the risk of unauthorized personnel gaining access to these devices. Here are 6 ways you can protect your organization from these BYOD security risks:
1. Clearly define your Acceptable Use Policy for BYOD.
It is imperative that this is clearly defined and communicated to your employee base, who will be using employee-owned devices for work to access your network. An example of this could be clearly defining applications which are allowed, and which are not, as well as websites users can access while in the company network.
2. Utilize a Mobile Device Management (MDM) solution.
If you’re considering implementing a BYOD policy, an MDM solution is a must due to the centralized management of all mobile devices that enter your network. This allows for security patching, application management, and updates to be performed on all enrolled mobile devices. Such solutions help in the decrease of potentially vulnerable devices in your network.
3. Provide proper user awareness training.
While user awareness training is always an important part of keeping enterprises secure, it becomes especially important when utilizing a BYOD policy. This includes enforcing strong passwords on personal devices, data security management, and safe internet habits. This training can be rolled out as often as once a month or at a minimum of once a year based on what makes the most sense for your organization’s culture. Habitu8 provides tips on how to effectively tackle the training, such as focusing on repeated offenders and effectively integrating new employees to the company’s security culture.
4. Secure your network.
With a BYOD policy in place, employees will now have the ability to connect personal devices to your network – this means that someone can connect from an unsecured network. According to the security tips from the FCC on wireless and Bluetooth connections, you can combat this by checking the validity of available WI-FI hotspots and making sure all websites the user exchanges information with are encrypted. Other ways to secure your network include reducing the risk for unauthorized access to company-sensitive information when a device is lost and/or stolen. This can be achieved by enabling a multi-factor authentication process within your network and using remote wiping software.
5. Formulate a plan when an employee leaves.
When an employee leaves the company, it’s important to have the proper procedures in place to ensure company-sensitive data is removed from their personal devices and network. Ignoring this could increase security risk down the line, including the risk of data loss or theft, targeted phishing campaigns (or spear-phishing), and the risk of retaliation by an ex-employee who could use this corporate data to cause harm to the company. Your plan should include procedures like disabling company emails and changing or disabling access to all company accounts.
6. Prepare your security team to detect and respond to the event of a compromised BYOD device.
Let’s say a compromised host slips through the cracks. It’s important to understand that the steps listed above are to help reduce the security risks that accompany BYOD; however, it is still possible that these devices could become compromised. Be sure your security team is equipped with the necessary solutions to detect such events, including endpoint security tools like MacAfee Endpoint Security and Carbon Black Defense, and understands what to do in the event a device is compromised.
One of the most common indicators of a risk introduced from a BYOD device is a compromised host containing malware. What steps should you be prepared to take if this does happen?
Once a host with malware has been detected, the next step should be to isolate the host and, by following the file path of the infected file, manually remove the malware. At this point, a second antivirus scan should be ran to ensure the malware has been successfully removed. If it fails to do so, a reimage of the unit may be required. After these steps are taken, your team should perform a search on the infected file artifacts, such as the hash, to ensure no other hosts have been compromised. If other compromised hosts are found, repeat the scenario on each of these hosts. By following this incident response process, your team should be able to quickly mitigate a compromise host.
The traditional workplace is quickly becoming a thing of the past. By following these steps above and having a streamlined process to manage devices, you can reduce the security risks that accompany a BYOD environment.
Detect and respond to threats faster with ReliaQuest GreyMatter.
ReliaQuest GreyMatter integrates and normalizes data from disparate technologies including SIEM, EDR, multi-cloud and point tools, on demand, so you always have a unified view to immediately and comprehensively detect and respond to threats from across your environment all within the GreyMatter UI.
Other resources you may like: