In May, HM Revenue and Customs (HMRC) said that it would ignore the government’s advice on BYOD (bring your own device) because of concerns around the security of the devices that employees might connect to its network. HMRC takes the view that because it cannot guarantee that its employees’ devices would be secure, it would rather stay away from BYOD altogether. HMRC deals with plenty of sensitive data, although it is far from alone in that respect, and in fact increasing numbers of organizations are taking a different view.
In a recent independent study, Imation found that 91% of IT decision makers said that their organization permitted the use of removable storage devices on the corporate network. Just 9% of IT decision makers reported that their company did not allow any removable storage devices to be used. From these figures at least, it looks like BYOD is here to stay.
BYOD is no different from any other technology: organizations that keep ahead of threats with best practice will always be better prepared to combat risk, and will be more secure as a result. Here are the top five practical tips that security pros can use as a starting point to ensure better network security against some of the challenges posed by BYOD.
Don’t hire a firewall tester. Just assume that attackers will always find a way to “get in”. Instead, focus on staff training and education – 75% of organizations have suffered data loss from negligent or malicious insiders.
Most employees will log onto the corporate network via their personal devices even if they are told they shouldn’t. More than 50% of employees use portable devices to take confidential data out of their companies every day.
Employees value convenience more than security. If a security policy is overly cumbersome or inconvenient, staff will find a way around it. Don’t underestimate the ingenuity of employees looking to circumvent procedures that slow them down.
Flash drives will be lost and IT will never know about it. In some cases, losing a £5 flash drive can be even worse than losing a laptop. Stolen or lost laptops are reported, whereas £5 flash drives are quietly replaced. Use encrypted flash drives to avoid this problem or just don’t use them at all — right now only 35% of companies enforce data encryption on company-issued devices.
Finally, an organization’s strongest defense against a security breach is its own employees. Providing employees with training on good security practices is the most efficient measure. Everyone should learn how to recognize phishing attacks and fake anti-virus software advertisements — if it looks too good to be true, it really is.