today’s corporate environment has skyrocketed. We now find ourselves living in the bring-your-own- device (BYOD) era – where employees use personallyowned smartphones, tablets and laptops in their day-to-day work – and it’s becoming the rule, rather than the exception.
However, what companies gain in productivity and cost-saving benefits from the BYOD trend (known as the consumerisation of IT), can be lost in poor control and flimsy policy. More mobile devices are being used to conduct business on the move and hackers are constantly looking for new ways to exploit the mobile platform. THE POST-PC DESKTOP ERA While the post-PC desktop era allows for greater freedom and flexibility by allowing employees to work on their platform of choice, it places strain on technical support teams.
Traditionally, I T departments worked in a desktop PC and homogeneous smartphone environment where BlackBerry ruled the roost as the only enterprise-ready device. Now, with the average employee using two or three different pieces of mobile technology, there is a variety of devices (HTC, Nokia, Samsung, Apple) and operating systems ( Android, i OS, Windows) whose mobile security has to be accounted for and managed. SECURITY RISKS Lutz Blaeser, MD of Intact Security, says that the challenges that BYOD poses are many. “With BYOD, employees are no longer functioning within the traditional company parameters and networks. Data now needs to be protected outside the company, on multiple devices, in many environments. Instead of securing the device, businesses need to look to securing the actual user.”
He explains that when a mobile device connects to a public or 4G network, security teams lose visibility because appliances cannot see the traffic, and only by having total visibility over device usage and user activ-ities, can a business have sufficient protection.
According to a Kapersky Lab white paper titled Security technologies for mobile and BYOD, the volume of new malware that is specifically targeting mobile devices is growing at an almost exponential rate. The nature of many of the new malware attacks is also becoming increasingly sophisticated – as cybercriminals recognise the value of the information which they can steal from mobile devices. A BYOD GAME PLAN Blaeser says that a good step towards BYOD security is making sure that no individual has access to business data that that they do not specifically need.
“Understand what data is stored on the device, decide how long it needs to l i ve on this device, and whether it is there only when online or if it is also cached for frequent usage.”
In addition, he says, encrypting corporate data is important. Encryption protects sensitive data on users’ desktops, mobile devices, flash drives, in email, and more, making regulatory compliance easier.
Tightly controlled BYOD policies are also vital, Blaeser says. “Many devices are lost or stolen on a daily basis. Businesses should insist upon the installation of a lightweight, highperformance, anti-virus solution and enforce password use. Make sure that your users have a security tool installed that allows for remote locking of the device, and for the remote wiping of all data on the device.”
Finally, educate staff, as physical security is the first and best defence. Make sure they know better than to leave devices logged on to websites, email or networks.