As Mobile Threat Booms, Revisit Your BYOD Policies

Posted on: May 6th, 2025 by Leaders' Choice Staff

As new malware and ransomware specifically targeting mobile devices grow exponentially, now is the time to set rules for employees who use their own smartphones for company business, if you have not already done so.

Implementing a bring your own device (BYOD) program can save your company money because you do not have to buy new phones for staff, and it brings other benefits such as increased productivity, greater flexibility and higher employee satisfaction. However, if your staff are not protecting their devices and following rules aimed at thwarting hackers, their smartphones can become backdoor gateways for malicious cyberattacks.

Threats to your organization include:

  • Data leakage. Data can be lost or exposed when devices are misplaced or stolen, or if a personally owned device has malware on it.
  • Unauthorized access. Attackers can gain access to a compromised device or network credentials stored on it, potentially leading to unauthorized access to sensitive company information.
  • Malware infections. Malware can easily spread to personal devices, which can then be used to access company networks and compromise sensitive data.
  • Legal issues. Using personal devices for work can raise legal issues, especially if data is not properly secured or if employees are not adequately trained on security protocols.

 

Tips

When you have a BYOD policy, it’s not always easy to protect your data and operating systems. But you can take steps to reduce the chances of a breach or ransomware in your system.

Consider the following actions:

Take care when downloading apps — A July 2024 report by Human Security found more than 250 “evil twin” applications on the Google Play Store. These apps are built to look authentic and often contain malicious code that launches upon download. At that point, your company’s data may be exposed.

Use with care — Inform your staff that they need to be cognizant of their online behavior. You won’t be able to control whether they shop online at compromised websites or lose a device.

Keep a register of connected devices — As the IT team connects personal devices to the company network, they should also keep a record of the user and their device details. By maintaining a detailed register, companies can audit their network regularly to detect unauthorized connections and resource usage.

Enforce on-device security — Smartphones and tablets come with passcode controls that restrict access. As part of an employer’s default BYOD agreement, staff should have the passcode enabled before they are granted access to corporate resources. Also consider implementing multi-factor authentication for an additional layer of security.

Require VPN use — To ensure that data transfers are secure in transit, require that your staff devices be set up with VPN access.

Implement a mobile device management platform — An MDM platform allows you to enroll devices, specify and enforce network access rights and even apply content filtering.

App segregation — Creating a strong barrier between personal and work use of the device can prevent accidental access to work data. This is typically achieved through techniques like containerization and work profiles, which isolate corporate data and apps within a specific part of the device, preventing them from being accessed by personal apps or data.

Have protocols for when employees leave — If an employee is terminated or begins exhibiting questionable behaviors, immediately revoke their access to sensitive data before it’s leaked.
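
An added example (not from the original post) of the register audit described under “Keep a register of connected devices”, extended to also flag connections from devices whose access was revoked under the offboarding tip. The CSV layouts, the `status` column, all sample rows and the use of the MAC address as the device key are constructed assumptions.

```python
import csv
import io

# Constructed sample register: one row per enrolled personal device.
REGISTER_CSV = """mac,owner,device,status
AA:BB:CC:00:00:01,alice,Pixel 8,active
aa-bb-cc-00-00-02,bob,iPhone 15,revoked
AA:BB:CC:00:00:03,carol,Galaxy S24,active
"""

# Constructed sample of observed connections, e.g. exported from DHCP or Wi-Fi logs.
OBSERVED_CSV = """timestamp,mac,ip
2025-05-06T09:01:00,aa:bb:cc:00:00:01,10.0.5.11
2025-05-06T09:03:10,AA:BB:CC:00:00:02,10.0.5.12
2025-05-06T09:04:55,de:ad:be:ef:00:09,10.0.5.13
"""

def normalize_mac(mac):
    """Reduce a MAC to 12 lowercase hex digits so differing formats compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def load_register(text):
    """Index register rows by normalized MAC address."""
    return {normalize_mac(r["mac"]): r for r in csv.DictReader(io.StringIO(text))}

def audit(register_text, observed_text):
    """Reconcile observed connections against the device register."""
    register = load_register(register_text)
    findings = {"unregistered": [], "revoked_but_connected": [], "not_seen": []}
    seen = set()
    for row in csv.DictReader(io.StringIO(observed_text)):
        mac = normalize_mac(row["mac"])
        seen.add(mac)
        entry = register.get(mac)
        if entry is None:  # device on the network that nobody enrolled
            findings["unregistered"].append((row["mac"], row["ip"], row["timestamp"]))
        elif entry["status"] != "active":  # offboarded owner still connecting
            findings["revoked_but_connected"].append((entry["owner"], row["ip"], row["timestamp"]))
    # Active entries that never appeared may be stale and due for cleanup.
    findings["not_seen"] = sorted(
        e["owner"] for m, e in register.items() if m not in seen and e["status"] == "active")
    return findings

if __name__ == "__main__":
    for kind, items in audit(REGISTER_CSV, OBSERVED_CSV).items():
        print(kind, items)
```

Phones that use randomized (private) Wi-Fi addresses present a per-network MAC, so the register should hold the address the device shows on the corporate network, or be keyed on an MDM device identifier instead.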

 

Insurance

Some cyber insurance policies limit coverage to devices owned or leased by an organization. If you allow BYOD in your workplace, you’ll want to make sure that your policy covers these devices.

Some insurance providers offer enhanced or specialized coverage for BYOD-related incidents, acknowledging the unique challenges and risks involved.
