How BYOD Impacts Device Security

Today’s employees want to — and in many cases today, have to — be productive and available from anywhere at any time. More than ever, teams need to communicate and collaborate from different locations through a variety of channels, devices, and networks.

In order to address this need, companies are starting to think harder about clear Bring Your Own Device (BYOD) policies that enable employees to use their own devices to access company files, systems, and applications.

However, this poses a challenge for IT and security teams that are tasked with protecting their company’s data and infrastructure.

The challenge: Keeping BYOD devices secure

Unfortunately, there’s not really a one-size-fits-all method for IT to provide consistent login experiences across each device type. Every device’s operating system has particular requirements for implementing security measures.

Thus, maintaining a secure BYOD environment means managing access across a large sprawl of devices and operating systems — an onerous task that can leave a company open to potential vulnerabilities due to disparate policies and processes.

Mobile threats to look out for

In Verizon’s 2020 Mobile Security Index Report, 29% of companies faced a regulatory penalty as a result of a mobile-related security compromise. Many on-prem threats still apply to mobile and remote workers — the use of easily guessed login credentials, for example, is a very common high-risk behavior that users will have to consider no matter what device they’re using — but there are a handful of cyber threats that mobile workforces should give special thought to as they adopt BYOD policies.

  • Social engineering scams targeting mobile users are becoming increasingly sophisticated, leading to 47% of enterprise users clicking on a phishing link from their mobile device at least once. Smaller screen sizes, limited information, one-tap action buttons, and a range of communication channels (like WhatsApp and Facebook Messenger) all provide opportunities for hackers to entice less savvy users.

  • Working on-the-go means users may connect to unsecured WiFi points and expose themselves to man-in-the-middle attacks and other network-based threats. Even if users leverage their own home wifi, there's no guarantee that they secure the network with a strong password — or apply a password at all.

  • Users can make poorly-informed decisions regarding which apps can see, alter, and transfer their data, resulting in data leaks.

  • Unlike work devices, personal devices don’t come with timely, guaranteed system updates — and new threats can easily outmuscle outdated systems.

  • Device security isn’t just hard to enforce—it’s also hard to monitor. Oftentimes, IT doesn’t have the infrastructure to catalog and audit the various devices that employees are using to access corporate resources.

That list isn’t exhaustive, but it paints a clear picture: the more devices that the workforce uses, the more a company is open to vulnerabilities.

Making devices work for you

The many connected devices we have at our disposal have made work more adaptable, collaborative, and—for IT and Security—more challenging. Still, protecting these devices is not an unachievable goal.

We encourage admins to take stock of their organization’s security needs and find out what allowances employees need to do their best work. Seek out tools that facilitate easy and accessible work experiences while shielding your systems and applications.

In part 2 of this series, we’ll further discuss how organizations can keep external user devices secure. In the meantime, we hope these resources will be helpful in getting your workforce device-ready: