With the advent of cloud computing and the widespread use of smartphones and tablets, companies today must deal with the issue of employees utilizing their personal mobile devices to conduct company business. According to analyst estimates, the enterprise BYOD adoption rate in 2014 was anywhere from 40-70 percent across all industries. In 2015, the trend continues to grow.
Research released by Osterman Research reveals that for every corporate-issued mobile device, there are now two personally owned iPhones, iPads, and Android devices. This statistic illustrates the fact that BYOD trends are likely to continue.
If the thought of data risk with BYOD adoption keeps you up at night, you are not alone. The possibility of data breach is real and immediate. As more employees use their personal devices for company business, risks can escalate quickly. What are some of these risks?
1. Lost or stolen devices: According to The Security for Business Innovation Council, a group of Global 1000 Information security leaders, the number one concern with BYOD adoption is lost or stolen devices. A smartphone left in a hotel room or taxi may contain sensitive company information. Found by the wrong person, this could represent a data breach nightmare. Osterman Research estimates that less than 1 in 4 devices like this can be remotely wiped by the device owner or the company whose sensitive data may be involved.
2. Vulnerable software: It is likely that your company has a policy to ensure that its internal hardware and software is regularly updated with the appropriate security patches to ensure safety and compliance with applicable regulations. Can the same be said for the personal devices of your employees? Employee failure to apply software security updates can put your company at risk. Third-party applications that are running on the devices of your employees allow you little or no control over software coding errors that can potentially expose your sensitive information to unscrupulous individuals.
3. Unprotected email: How many times a day do your employees check company email with their personal devices? If the employee does not have a PIN code to lock their device, anyone using that device automatically has free access to emails, even those containing sensitive company information.
4. Hotspots: Many employees may use devices that are set by default to identify and connect to open wireless access points when available. If this default setting is not changed appropriately, the device becomes vulnerable to man-in-the-middle attacks.
5. Storage Solutions in the Cloud: Dropbox and similar cloud storage solutions can potentially be vulnerable to unintentional data leakage issues. If your company is not providing a specified, secure storage solution for employee use, it is likely that your employees will, for the sake of convenience, use a less secure storage option which will put your data at risk.
If your company allows employees to use their personal devices for company business, it is imperative to craft policies and procedures to ensure the safety of your data and minimize risk. The Security for Business Innovation Council, in their report entitled, “Realizing the Mobile Enterprise”, recommends the following checklist:
Because of the inherent risk involved, you may be less than thrilled with the prospect of allowing a BYOD policy. However, the truth of the matter is that convenience is a key motivator for employees to use their personal devices. Simply put, BYOD is likely a behavior that is here to stay. This being the case, having a well-defined company strategy to manage BYOD risk is essential.
The good news is that you do not have to navigate these waters alone. A professional managed service provider can provide you with the tools you need to address the risk.
Here are a few things that GeekTek IT Services can do to bolster your security efforts:
If you would like help with BYOD issues, please contact us. We are hyper-focused on the security of your business, and we will gladly work with you to manage the risks involved with BYOD issues.