According to a survey conducted by Kaspersky Lab in conjunction with B2B International, around half of the consumers surveyed also use their devices for work. However, only one in 10 is seriously concerned about keeping work information safe should cybercriminals gain access to their device.
One way or another, many employees of large and medium-sized companies use personal mobile devices for work. 36% of respondents store work files on them, and 34% keep work-related email messages. Sometimes, more confidential information can also be found on users’ devices, such as passwords to corporate email accounts (18%), networks or VPNs (11%). Such information represents a valuable prize for cybercriminals hunting for corporate secrets.
Despite these risks, a bring-your-own-device (BYOD) business model offers many benefits to organisations, even those enterprises that have a great deal of confidential information. For example, easy access to corporate communications and applications alongside personal data and activities means that employees can see and manage tasks faster and more effectively.
However, to keep the business and any proprietary data secure, the integration of BYOD into the IT infrastructure must be implemented responsibly by employers. Kaspersky Lab’s specialists have several recommendations that should be borne in mind when connecting employees’ personal devices to corporate IT networks:
- BYOD integration should be regarded as a specific project; this is especially true for large businesses. Every last detail of the integration process should be designed beforehand; and this should ideally include an infrastructure audit, a design stage and a pilot implementation.
- To effectively protect mobile devices, it is important to use a comprehensive solution that ensures security across the entire corporate network, not one that focuses only on mobile devices. Without this, compatibility problems may arise and create extra work for system administrators.
- Managing mobile devices in a large business requires additional skills over and above those demanded by routine system administration. It is worth ensuring there are appropriately qualified IT security specialists on the team. These can provide centralised management for all mobile devices within the corporate network, ensure that all mobile applications are installed, removed and/or updated via dedicated corporate portals, and regulate data access levels and employee privileges.
- Most importantly, the business needs to develop robust scenarios for how to remove personal devices from the corporate network if they are lost or stolen, or if an employee leaves the company. A procedure should be developed to remove confidential corporate data from these devices and block access to the corporate network.