The advent of technology has brought tremendous convenience in our ability to access data for personal and business needs. BYOD (Bring Your Own Device) is often a requirement to conduct business in situations where contractors, consultants and personnel from other offices are collaborating. The need for outside personnel to access corporate networks and intellectual property is often key to successfully achieving goals and completing projects.
This convenience is double-edged in that it has also introduced many security concerns on both the individual and corporate level. Allowing external personnel to access company networks and devices brings an increased need for vigilance against many potential security violations. The damage caused by malware is in the billions of dollars annually worldwide.
Dangers of Bringing Your Own Device
Untrained Users: Phishing attacks are the root of 91% of all security breaches, which means that the easiest way for a hacker to access a company’s network is being allowed in with the help of an unwitting accomplice. It is imperative to ensure personnel that are bringing their own device are aware of phishing attacks, proper maintenance of their devices and the importance of software and OS updates.
Increased exposure to viruses and malware caused by poor maintenance of personal (and professional) devices: With the rise in ransomware and cryptocurrency mining viruses, it is extremely important that all external computers have robust antivirus software that is up to date and active. Outdated antivirus, or antivirus that is not actively running, is akin to having a sleeping or absent security guard.
Unlocked devices: All devices that have been unlocked (also called jailbroken or rooted) are inherently unsafe as the basic security safeguards have been eliminated to unlock the device. These devices (usually smartphones) should never be allowed to access corporate resources, including email.
Poor planning and policies: A lack of planning or foresight by a company’s IT department is a huge detriment when enacting BYOD as this inherently opens up a network to increased attacks. Without proper planning and policies there is a gap in your company’s armor that can easily be exploited.
Data leaks: There is an enormous risk to a company’s Intellectual Property when it walks out the door on an employee’s device. Securing company data is vital to staying ahead of the competition, and this advantage can easily be lost if IP is leaked on a poorly secured computer or smartphone.
Lost devices: A lost smartphone or computer without proper security and encryption can easily be accessed by anyone with some know-how and the proper motivation.
Mixing business/personal use on devices: Mixing business and personal use on a computer is a bad practice. Whereas this is fairly common on smartphones (hence the need for a properly secured phone) this is multiplied on a computer as PCs tend to have larger capacity hard drives, access to network drives and have more complexity that most users ignore. Additionally, many users rarely consider the implications of storing personal data (music, tax returns, etc) on a company computer.
At iTecs, we secure networks based on a company’s culture and preferred level of security; however, we prefer to follow best IT practices. iTecs believes that devices that are not managed by our team of network administrators and technicians should never be allowed to access your business’s network. If your company is in need of qualified IT security professionals, or if you simply want to consult and verify your corporate IT security infrastructure, please contact us.