Do Businesses have a Recipe for BYOD Security?

A new study from F-Secure shows that while many businesses are concerned about the security implications of the BYOD trend, many have yet to take action to secure employee-owned mobile devices.

Author: Adam
Date: 28.08.2015
Read Time: 3 Minutes

Bring-your-own-device (BYOD) is a trend popular with businesses because it alleviates the financial burden associated with maintaining corporate-owned fleets of devices, while giving employees the flexibility to choose the tools they use in their work.

But this doesn’t absolve businesses of their responsibility to secure company-owned data and networks. Former White House cybersecurity advisor Richard Clarke described the BYOD trend as the “largest vulnerability” facing corporate America, and a recent study conducted by F-Secure found that the approach many businesses are taking to security is creating significant gaps in this area.

A recipe for securing fleets of employee and company-owned devices requires three unique yet related components:

  • Data Encryption – VPNs should always be used to encrypt data while in transit. This is particularly important for employees who travel or work out of the office, as using insecure public Wi-Fi networks is convenient and efficient, but represents a serious security risk. Unfortunately, VPNs were only used by approximately half of the companies surveyed in the study, highlighting that many businesses continue to risk having their data monitored or intercepted while being exchanged online.
  • Mobile Device Management – Mobile device management allows a centralized IT administrator to monitor devices being used for work purposes. It should provide IT personnel with the technical details about devices and their software, as well as the security status of devices. Visibility of devices that handle company data is a key capability of mobile device management tools, but such tools were only used by approximately 36 percent of companies analyzed in the study.
  • Anti-Theft Protection – Previous research confirms that only about 1 out of 4 personal mobile devices used for work can be remotely wiped, which exposes company data to serious risks if those devices are lost or stolen. Any data stored on the device, or any data stored in an account that the device can easily access, can find itself posted online, or possibly even sold to competitors or criminals. Any mobile device used for work purposes should have anti-theft features, including a company-directed password policy and remote wipe capabilities.

Many businesses in F-Secure’s survey are concerned about security. 92 percent agreed that managing security would become more of a priority in the next 12 months, and 95 percent agreed that companies of all sizes and in any industry could be the victim of a cyberattack. 87 percent agreed that the BYOD trend was making security more challenging. But as these numbers show, this is a challenge that many businesses have yet to meet.

Any solution should provide the three features mentioned above, but it must also balance the need for security with the need for productivity. After all, increased productivity is one of the most appealing parts of a BYOD strategy. Products that balance these needs will allow companies to secure and manage both employee and company-owned mobile devices with a single tool that’s user friendly enough for people to enjoy using, but strong enough to ensure businesses stay protected.


Post Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s