With BYOD (Bring Your Own Device), businesses face an ever-growing threat to IT security and it’s important for you to address it as soon as possible. Without proper controls in place, it creates a giant hole in your network security.
The Pew Research Center conducted a national survey recently that revealed:
· 12% of mobile device users store work passwords on their personal device.
· 19% of mobile users stored work documents on their personal device.
· 58% of mobile phone owners do not back up the data on their devices.
· Nearly 1 in 3 mobile phone owners (31%) have lost their phone or had it stolen.
Businesses can be easy targets
According to a recent study, forty percent of all cyber-attacks are directed at small to medium-sized businesses. A recent industry report also noted that mobile-targeted malicious software has virtually exploded in the last year and is expected to continue to grow exponentially. Not controlling mobile device access to your computer network dramatically increases your business vulnerability to malicious intrusion.
IT managers have traditionally managed security for company-issued desktops, laptops and devices but policing employees whose personal gadgets connect to the network presents a dramatic new test entirely. Making sure that personal devices that connect to the network are properly secured with anti-virus/malware and are securely locked down is a particularly vexing new issue. Employees may even resist your efforts to controll their personal devices.
“When you get that brand new Droid, load it up with apps and then plug it into your work PC in order to update or sync necessary files, your company’s IT guy has to worry about whether that last app you downloaded might infect the entire network,” personal security expert Robert Siciliano recently wrote for InfoSecIsland.com.
Your IP environment is changing. Your network protection tactics need to change, too. Your company’s security is too important to jeopardize.
What can you do to protect your network?
Determine which devices and operating systems you're willing to support. – Not all devices will meet the security requirements of your organization and nothing says you have to let every device access your network. Give employees that want to access the network some parameters to go by when they shop for new devices.
Write clear and concise policies laying out what is and isn't allowed for all employees who want to use their personal device and have them sign off on them.
Enforce encryption of data at rest – any apps that download and store data on the device should protect that data. If a PIN or passcode is cracked, you want to make sure that data is still protected.
Inventory authorized and unauthorized users – Remember, access to your network is a privilege and not a right.
As we described earlier, security for Mobile Devices is not a one time shot. It’s an on-going process. If you don’t remember that, eventually you’ll get burned.
Determine which types of apps are off-limits. There are hundreds of thousands of apps available, which will you permit? Keep in mind that many apps have no business on your network!
Train your employees to make sure they understand how to correctly use their applications, make the most of their mobile capabilities, and watch for suspicious activity.
Consider mobile device management software that can provide secure client applications like email and web browsers, over the air device application distribution, configuration, monitoring, and remote wipe capability.
Inventory authorized and unauthorized devices and use identifiers like PINs or MAC addresses to keep track of who is doing what on your network.
Inventory authorized and unauthorized users – Remember, access to your network is a privilege and not a right.
As we described earlier, security for Mobile Devices is not a one time shot. It’s an on-going process. If you don’t remember that, eventually you’ll get burned.
0 comments:
Post a Comment