Bring Your Own Device (BYOD) is a trend whereby employee-owned devices are being used within a business. BYOD policies enable employees to use the same devices for personal and office use, allowing them to work remotely if need be. This is a trend that is growing rapidly due to the myriad of benefits it provides both the business and the employee. As of 2015, 82% of organizations are accepting the use of personal devices for work-related purposes. BYOD market is estimated to increase by 15% every year until 2022, from a starting value of $30 billion in 2014. The corporate world has three key approaches for allowing their employees to operate mobile devices internally, and externally, for work-related purposes.
BYOD (Bring Your Own Device)
This is what will be explored in this white paper and it involves businesses relying on their employees to utilize their own devices, such as mobile phones, laptops and tablets.
The greatest weakness of BYOD is the security risks that come with it. For the 26% of Tech Pro Research’s survey respondents who have not adopted – nor are planning to – BYOD, security concerns were the most common reason as to why.
Employee devices will not have the same security measurements that an organization’s device will have, and any security measurements a personal device has will not be suitable to protect against corporate data breaches or network intrusion. This is a grave threat demonstrated by the fact that 50% of companies that allowed BYOD were breached by an employee-owned device.
Employees can be targets for attacks
Employees can walk away with a significant amount of data on their devices and can, therefore, be targets for attacks. These attacks can occur when an employee uses their device remotely and connects to a public WiFi hotspot whereby a hacker can infiltrate the device. Similarly, using public charging kiosks that have been manipulated allows a perpetrator to gain remote access to the device. Social engineering attacks also present a risk. Should “someone” approach an employee looking distressed and say “Hey, my phone has been stolen, can I borrow yours to make a call?”, that “someone”, who is actually a bad actor, can use the employee’s phone to gain access to sensitive information and data.
Malware can get onto mobile devices numerous ways including through spam emails, links and rogue programs or apps. Similarly, trojan malware can be embedded through SMS messages and social network links. Spoofed peripherals also have the ability to inject malware onto the endpoint to which they are connected. Malware is perilous as it can spread to other devices on the business’ network, generating considerable damage. US mobile malware rates are increasing by 75% each year, with Apple’s operating system receiving five times more malware in 2015 than in the five years previous. These figures indicate a growing risk to organizations that permit BYOD.
BYOD facilitates their operations
Stealing or acquiring lost devices is an alternative way for hackers to access the organization’s network and obtain valuable information. The best intrusion-detection system and anti-virus software will be futile if this happens. Password protected devices are not safe either as circumventing a password on a stolen/lost device is no challenge for a hacker. Insiders also pose a threat to an organization and BYOD facilitates their operations. Mobile devices make it easier for malicious employees to access the company’s network and pilfer sensitive data.Download White paper