Fighting off the BYOD cybersecurity jitters and embracing agility
Bring Your Own Device (BYOD) is the trend of employees using their own mobile devices to run and view business software. The motivation behind it is quite simple: whereas BYOD was once the preserve of the mobile sales team, businesses have realized that keeping employees essential to operations connected means far more responsive service. It keeps clients happy, keeps the organization up to date on goings-on and allows a more flexible work environment, making it a win-win for all parties.
For the software company designing said software, BYOD has meant opening up previously mollycoddled and secure networks to the threat of intrusion through devices with relatively unsecure, consumer-grade protection. This is particularly the case if the business is small and the only ‘IT department’ the business has is its software company.
BYOD poses challenges for the software company not only because it runs in less secure environments, but also because of the way in which devices are used.
In this article we look at some common problems associated with introducing BYOD into your business’s network and how a software company goes about safeguarding against these new potential points of attack.
Cloud computing – With business functions and services in the cloud, BYOD has grown a lot more capable and more secure. Tools such as firewall as a service (FWaaS) and malware protection extend protection to remote devices, and copies of data do not have to be stored on the device itself.
Lost or stolen device – Perhaps the biggest fear is if a device is mistakenly left behind or stolen. Sensitive business information can be lost and the business network can be compromised. However, your software company can legislate for this by requiring individual application and device-level key generation. If the device can no longer be used legitimately, simply wipe its access from the network. And with cloud services, information on the device can be reduced to merely a UX frontend.
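The per-device, per-application keys described above can be sketched as follows. This is an added example, not code from the article or from any particular product; the `DeviceKeyRegistry` class, the device and application names, and the choice of HMAC-SHA256 request tags are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class DeviceKeyRegistry:
    """Hypothetical server-side store: one secret per (device, application) pair."""

    def __init__(self):
        self._keys = {}  # (device_id, app_id) -> 32-byte secret

    def enroll(self, device_id, app_id):
        # Generate a fresh random key for this pair and hand it to the device.
        key = secrets.token_bytes(32)
        self._keys[(device_id, app_id)] = key
        return key

    def revoke_device(self, device_id):
        # Lost or stolen device: drop every key it was issued, for all apps.
        doomed = [pair for pair in self._keys if pair[0] == device_id]
        for pair in doomed:
            del self._keys[pair]
        return len(doomed)

    def verify(self, device_id, app_id, message, tag):
        # Accept a request only if the pair is still enrolled and the tag matches.
        key = self._keys.get((device_id, app_id))
        if key is None:
            return False
        expected = hmac.new(key, message, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def sign(key, message):
    # Client side: tag a request with the key provisioned to this device/app.
    return hmac.new(key, message, hashlib.sha256).digest()


def demo():
    # Constructed sample devices and request, for illustration only.
    registry = DeviceKeyRegistry()
    phone_crm = registry.enroll("phone-17", "crm")
    registry.enroll("phone-17", "mail")
    tablet_crm = registry.enroll("tablet-04", "crm")
    request = b"GET /accounts/42"
    before = registry.verify("phone-17", "crm", request, sign(phone_crm, request))
    # A key issued to the phone must not authenticate as the tablet.
    cross = registry.verify("tablet-04", "crm", request, sign(phone_crm, request))
    removed = registry.revoke_device("phone-17")
    after = registry.verify("phone-17", "crm", request, sign(phone_crm, request))
    other = registry.verify("tablet-04", "crm", request, sign(tablet_crm, request))
    return before, cross, removed, after, other


if __name__ == "__main__":
    print(demo())
```

Because each key is scoped to one device and one application, revoking the lost phone leaves the tablet working; a production design would also bind a nonce or timestamp into the signed message to stop replayed requests.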
A software company must approach BYOD security from not only the software perspective but also the people perspective.
Public exposure – Peeping Toms and eavesdroppers are harder to account for. In fact, in the overzealous hunt for internet access, BYOD users can be lured into using public Wi-Fi that is unsecured and unencrypted. The man-in-the-middle attack in such instances poses an even greater threat. Any software company worth its salt is going to encrypt connections between remote devices and the network (or cloud), but as an additional line of defence, BYOD devices can be barred from communicating over unsecured public networks.
A software company can use services in the cloud to great effect to reduce the possibility of cyber intrusion through remote devices.
Smartphone mentality – The smartphone mentality is one of speed, urgency and haste. Unfortunately, it is the latter two that attackers exploit as the human loophole. CEO phishing fraud thrives on conveying a sense of urgency and pushing employees into hasty decisions without verifying the source of the email. A software company can design safeguards to verify the sender, but training is essential to prepare for such attacks.
Malicious apps – The smartphone and the tablet, two of the most popular BYOD devices, are also the most open to malicious apps, with unscrupulous apps able to enter their respective ‘app stores’. Tracking all data transferred, running recording software and penetrating networks, malicious apps are sophisticated tools. Get your software company to conduct regular training sessions to ensure that employees are aware of the dangers of downloading such apps, not only for the business but also for their own personal safety.