What is BYOD? Bring Your Own Device (BYOD) is a relatively new workplace phenomenon that has taken office workplaces by storm. It is the practice of employees bringing their personal electronics to their place of work for both professional and personal use. This includes laptops, phones, tablets, and similar devices. BYOD has risen in popularity for multiple reasons. However, the significant factor that can be seen as the driving force is the increased capability of personal devices.
Companies have found it cost-effective and time-efficient for their employees to bring their own devices. It has opened the doors toward enabling workplace flexibility (WFH – Work from Home) and increased productivity. Most importantly, it has given end-users the ability to use technology that they feel comfortable with and understand. Furthermore, workplaces were able to continue their operations due to employees using their personal devices from the comfort of their homes.
However, it is essential to note that BYOD doesn’t refer only to computing devices. It also applies to what we would classify as small and mundane devices, such as charging cables and USB devices, which will be the focus of this article.
Everyday Examples of BYOD Risks in the Office
Peripheral devices open the potential for intentional and unintentional breaches of data and security, especially in the realm of BYOD security risks. That new phone charger you ordered from a cheap website is actually a Rogue Device: a tool used in hardware attacks, meaning it requires a physical connection to the intended target in order to be effective and wreak havoc.
Suddenly, you can find yourself being an insider threat, even if that was never the intention. Falling prey to this can happen in the blink of an eye, as these types of devices can find their way into the office via clever social engineering tactics, for instance through free USB handouts or faulty advertisements that mislead consumers into unknowingly using compromised BYODs.
Spoofed peripherals are dangerous office predators due to their ability to camouflage themselves as unsuspicious everyday technology while simultaneously infiltrating networks unnoticed by exploiting the Layer 1 visibility gap. Existing security solutions, such as NAC Solutions (Does Your NAC Solution Slack?), EPS, IDS, IoT Network Security and more, fail to cover Layer 1. This allows Rogue Devices to go undetected and carry out malicious attacks without raising any security alarms.
However, other risks in the office should be considered when talking about BYODs. Improper mobile management and lost or stolen devices are devastating vulnerabilities for any company, because attackers must do minimal work to gain access to sensitive information when an employee or the company is negligent in practice or behavior. According to a recent study, out of 70 million devices lost or stolen each year, only 7% are eventually recovered (The Rise and Risk of BYOD).
Prevention Techniques and Solutions
A great prevention technique that can and should be adopted by any office workspace is Security Education Training and Awareness, otherwise known as SETA. Although it is an abstract concept, it can fundamentally help a workforce build the foundational institutional policies and procedures to counter the psychological exploitations of social engineering.
Make sure that personal and business data at the office are separated to the best degree possible, and set up a system that provides effective and fast solutions for lost BYODs. All of these suggestions are small steps that can be taken in order to practice SETA and minimize your odds of being a target.
An initiative such as SETA is helpful in setting up a secure workplace, yet it is not a silver bullet for guaranteeing a safe cyber environment, as human error is not entirely preventable. Rogue Devices can still enter the organization as unassuming BYODs through extremely deceitful social engineering techniques that even the most alert employees can fall victim to. And since these devices bypass traditional cybersecurity solutions, mitigating the risk means getting to the root of the problem: Layer 1 visibility.
Sepio Security Solution
Sepio’s platform provides a panacea to gaps in device visibility to ensure you are getting the most out of your cybersecurity investments. HAC-1 Hardware Access Control integrates with existing solutions, such as NAC, EPS, SIEM and SOAR, to enhance the enterprise’s cybersecurity posture. HAC-1’s deep visibility capabilities mean no device goes unmanaged: the solution identifies, detects, and handles all IT/OT/IoT devices, so gone are the days of unmanaged BYODs. Moreover, HAC-1’s policy enforcement mechanism and Rogue Device Mitigation capabilities instantly block any unapproved or rogue hardware. In doing so, HAC-1 enables a Zero Trust Hardware Access approach, which stops attackers at the first line of defense.
BYODs in the office offer a great range of benefits that should be taken advantage of. However, with great benefits come great risks. And you need to make sure that you’re fully protected from all points of access.