Mobile Device Management: Is It Possible to Have a Good BYOD Strategy?
Bring your own device (BYOD) availability is a great way to get users to work with mobile devices or their own laptops on the network. It reduces the cost for the company by eliminating the need to purchase smartphones and tablets, and users can carry around their own equipment and access the network from home. There are numerous advantages of having a BYOD policy, but there are also numerous disadvantages. The primary disadvantage is the security risk, but you can handle it with a good security team and policies that protect the network.
First, You Need to Weigh the Risks and Benefits
While a BYOD policy often brings several benefits, it's not for everyone. You need to weigh the benefits and analyze whether they outweigh the disadvantages. The savings from not providing computer equipment to your staff aren't obvious at first because the infrastructure for BYOD is expensive up front. You must provide wireless access points, extra routers, improvements in security, and firewalls, to name a few.
Your staff will also be responsible for supporting software on these devices, which can be a huge learning curve for them. For instance, if your users bring Mac laptops and your IT staff only supports Windows, they might have a difficult time supporting the new operating system.
Before we look at the risks, here are just a few rewards or benefits:
- Increased productivity. Users are able to work from home or away from the office, so they are no longer limited to only their office desktop computers.
- Reduced computer hardware costs. Users bring their own devices, so you no longer need to purchase laptops, smartphones or tablets. You can just provide an office desktop and users take care of the rest, although they must sign your BYOD policy agreement.
- Synchronization of home and office data. You can reduce costs of real estate by allowing users to work from home. With this option, you also offer employees flexibility. The result is better productivity and employee satisfaction. These metrics reduce employee turnover rates.
- Faster emergency response. If you have an emergency response team, they will be more capable of responding quickly when they are away from the office with their own devices connected to the network.
As you can see, there are several rewards. Now, for the risks. Here are a few risks you should consider.
- Increased security costs. Even if your security is perfect currently, with a new BYOD policy you'll need to add security measures. BYOD increases the risks that your network is vulnerable to malware.
- Increased infrastructure costs. Offering a BYOD policy requires extra network equipment such as wireless access points, server software, routers and firewalls. You'll need to budget for these costs before you can offer access.
- Better data protection. Insider threats are a major concern for organizations as phishing has increased. Even unintentionally, users can be the root cause of your security problems. Education and increased security are needed to protect your data.
- BYOD policy creation. Before you can offer mobile device access, you need to create the policies necessary to control the way users interact with your data and infrastructure. BYOD policies take time, and some organizations find that getting them right is a trial-and-error hurdle.
- Labor laws. In the US, there are strict labor laws regarding user work hours, benefits, and salaries. Check with your legal team to ensure that you're in compliance with local labor laws.
- Limited access control. With local organization desktops, your IT team has complete control of the user's desktop. With BYOD, it's the user's equipment so you do not have control of applications installed or the data stored on the local computer.
Creating a Strategy
Once you've determined your risks and found that it's time to move forward, it's time to create a strategy. You can have a good strategy provided you consider all of the pitfalls. It's also imperative that every year you review your current procedures and analyze your security against new threats in the wild. Security is the major issue when it comes to BYOD, and the face of security changes frequently. If you allow your strategy to get stale, you run the risk of being the next brand in the headlines, like Ashley Madison, Target, SWIFT, or LinkedIn.
Create Your Own Enterprise App Store
One way for attackers to gain access to your data is to create a program that looks similar to an official app or even your own custom app. You shouldn't just give users the names of apps to download. You should provide them within your own enterprise app store. This ensures that users are downloading only the latest of your apps, and the apps that they do download are the official ones.
You should include all apps that your organization customizes. This keeps your code from going public, and you can ensure that users aren't tricked by malware writers.
Pay for Malware Detection or Antivirus Installations
Most anti-malware vendors have an enterprise version where users can get a centrally stored version of the most current anti-malware and antivirus application to protect their devices. Don't skimp on these costs. It's far more beneficial to offer these downloads for free even if it does cost the organization more IT money. A safer computer network is worth more than that cost when the alternative is the risk of having your users' computers compromised. When attackers are able to get access to your users' computers, they can then take steps to attack your internal network.
Create a White List and Black List for Public Apps
Users like to try new apps, and they are extremely susceptible to download scams. Some applications look promising until it's found that they contain background malware. You should publish a white list of public apps that you have found acceptable and safe. For instance, Microsoft publishes public mobile apps for its Office suite.
The black list is harder to build because you must establish a list of criteria for applications on the network. Malware is often contained in apps that offer cracked software or pirated movies. These apps should be specifically mentioned in your BYOD policies within the black list.
Geofencing and GPS
Employees don't want to be tracked everywhere they go, but you can use a system called geofencing while the employee is on the premises. Geofencing allows you to block certain apps when the user is on the corporate network, but it's disabled when the employee is off of the premises after hours.
It's important that you limit GPS tracking to when the employee is at the office. Privacy issues arise if your corporate apps have tracking enabled when the employee isn't on the clock.
Remote Wiping Capabilities
If you have any smartphones or tablets, you should always require a remote wiping capability. Let's say the employee leaves their smartphone at a remote location, or it's stolen from them. If your device contains private data, then you need a way to remove it. It's also important if the employee stores passwords to make logging in easier. In this case, the attacker can log in to your corporate applications or even authenticate on the network.
There are several remote-wipe apps for mobile devices on the market. Even Google offers one with its G Suite cloud platform. Android has its own mobile wipe functionality, as does the iPhone.
Establish a Data Storage Policy
To avoid data theft, you can establish a policy asking users to always synchronize data with the network. Some organizations are even more strict and force users to store any corporate data on the network only and never store personal customer data on their local device. This is important when keeping in compliance with specific guidelines such as HIPAA and SOX. While wiping data often destroys the attacker's ability to gather data, it still takes time and it can often be too late by the time the device is discovered missing.
Always Use Encryption
Data encryption is important for data storage security and data transfer. Always require encryption when allowing users to access the network using wireless hotspots. Most operating systems support data encryption when storing information on a hard drive. These two encryption techniques won't protect your data 100%, but they will greatly reduce the chance that an attacker will be able to steal data and read it in plain text.
Wireless hotspots are especially vulnerable to eavesdropping and attacks such as man-in-the-middle (MiTM). You can avoid eavesdropping using encryption. To guard against MiTM attacks, ensure that users only connect to wireless hotspots that are official organization connections.
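The controls in this strategy can be turned into an automated device posture check. The following is an added example, not part of the original article or any MDM product's API; the record fields, app IDs and the allow/remediate/block tiers are assumptions made for illustration.

```python
# Added example: field names and sample values are constructed, not an MDM product's schema.
from dataclasses import dataclass, field

ALLOWLIST = {"com.example.office.word", "com.example.office.excel"}  # hypothetical approved public apps
BLOCKED_CATEGORIES = {"cracked-software", "pirated-media"}            # criteria the article names
BLOCKING = {"storage not encrypted", "remote wipe not enrolled"}      # assumed hard-fail findings

@dataclass
class App:
    app_id: str
    source: str                 # "enterprise-store", "public-store" or "sideload"
    category: str = "general"

@dataclass
class Device:
    owner: str
    apps: list = field(default_factory=list)
    antimalware_current: bool = False
    remote_wipe_enrolled: bool = False
    storage_encrypted: bool = False
    local_customer_records: int = 0   # customer records found on local storage

def evaluate(device):  # returns policy findings; an empty list means compliant
    findings = []
    for app in device.apps:
        if app.category in BLOCKED_CATEGORIES:
            findings.append(f"blacklisted app: {app.app_id}")
        elif app.source != "enterprise-store" and app.app_id not in ALLOWLIST:
            findings.append(f"app not on white list: {app.app_id}")
    if not device.antimalware_current:
        findings.append("anti-malware missing or out of date")
    if not device.remote_wipe_enrolled:
        findings.append("remote wipe not enrolled")
    if not device.storage_encrypted:
        findings.append("storage not encrypted")
    if device.local_customer_records:
        findings.append("customer data stored locally")
    return findings

def access_decision(device):  # assumed tiers: allow / remediate / block
    findings = evaluate(device)
    if not findings:
        return "allow"
    if any(f in BLOCKING or f.startswith("blacklisted app") for f in findings):
        return "block"
    return "remediate"

GOOD = Device("alice", [App("com.example.corp.crm", "enterprise-store")], True, True, True)  # constructed
BAD = Device("bob", [App("com.example.freemovies", "sideload", "pirated-media")], True, True, True)  # constructed
```

Running the check at network admission and on a schedule surfaces devices that drift out of policy between annual reviews.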
BYOD is incredibly beneficial, but it comes at a price. Security should be your main concern, and you should take these strategies into consideration when you build your policies. Always have users acknowledge them, and ask them to sign off that they understand the importance of data security, privacy, and the security of your corporate network.