Securing BYO Devices in the Times of Pandemic
And it is not just about the actual devices used as a part of BYOD. The shared networks these devices are connected to or external peripherals such as printers are also a gateway for attackers
Think 2020, think the year that the world changed, and how. To sail the seas of globally imposed lockdowns, gravitating to remote working was the next obvious step that organizations needed to take, no matter what their traditional means of operations were. Conventional organizations that were otherwise hesitant to allow their employees to work from home a couple of days a week or less, had to adopt the new normal if they wanted to keep the business afloat.
BYOD Adoption: The Move
With the pandemic ushering in a sudden need for social distancing and isolation, the move to remote work, especially full-fledged, was sudden for most organizations. While some organizations quickly provisioned corporate-owned devices to be shipped to the employees’ location, many resorted to relying on employees’ personal devices for a make-shift workstation. The lack of proper compartmentalization of work and personal data on these devices naturally is the biggest threat to corporate data security. Not to mention that if these devices are shared by the employees with others, the risk is higher.
And it is not just about the actual devices used as a part of BYOD. The shared networks these devices are connected to or external peripherals such as printers are also a gateway for attackers.
When employees are working from home full time, it is acceptable that they would be using their personal devices during work hours. Unlike traditional office perimeters where the use of personal smartphones and other connected devices could be restricted, the work from home model automatically brings in the question of devices that employees use while working, not necessarily for work.
While the line between personal and business devices has always been hazy, the pandemic served as the ultimate blow. No longer can organizations control which devices and networks employees are using for work.
As we move forward with a new normal that involves remote working as a near-permanent solution for several jobs and a hybrid work model for several others (once the pandemic dies down, that is), securing BYO devices should be on the ultimate list of priority for organizations and business owners if it already isn’t.
Here are key steps to bolster BYOD security:
● Have a strong BYOD policy
This is an organizational activity that needs to be taken up on high priority. Create very specific guidelines on the acceptable usage of devices:
• Enforce a strong password policy for the work apps
• Prevent data copying and sharing from work apps to personal and vice-a-versa
• Ask the employees to disclose the devices that will be used for remote working
• Carry out integrity tests to check if the devices are robust and compatible enough to handle corporate usage and security requirements.
• Ensure the devices are secured with anti-virus software and the corporate data is protected with a firewall
• Make sure that the IT teams have control, such as selective remote wipe over the work containers/apps on the BYO devices.
● Manage remote access
To limit the cyber security risks and the exposure of corporate data to threats, controlling remote access to corporate resources is crucial. Having a re-look at the access permissions, identifying loopholes and revoking privileged access wherever unnecessary is important. However, it should not hinder employee productivity and creating a responsive system to grant access for valid reasons to authorized employees, whenever requested, is critical.
● Don’t ignore the network security
Network security can be often overlooked and can prove to be an expensive mistake. When employees are working remotely and are using personal devices, IT can no longer control which networks they are connected to. Routing the traffic to corporate resources and apps via a trusted VPN can help in maintaining network security.
● It’s not only about the devices
Sightline and eavesdropping are modern security concerns that are on the rise, thanks to the hyper-connected homes with smart home assistants and virtual assistants. While sightline can be mitigated by gesture or biometric-based access, eavesdropping and lurking by several other devices present within the home office can be a major security loophole.
Employee education and awareness are hence critical, employees need to be trained extensively on impending security threats and the measures that need to be taken on their end- something as simple as not sharing passwords, not opening malicious emails that pretend to be COVID-19 related information, switching off other devices while working or taking work calls and confidential meetings from a room free of virtual assistants.
Remember, your organization’s security posture is only as strong as your employees want it to be!
● Remote implementation is essential
The policy implementation and enforcement, especially during the pandemic, needs to be quick and remote. The IT teams can not physically enroll the devices used by their employees and hence the implementation needs to be fully remote, with minimum end-user intervention. Since the IT teams are in for a long stretch due to fully remote working, the monitoring and management of BYO devices also need to be fully virtual and effortless.
Hence, investing in the right Mobile Device Management system is emphasized, which can help with policy enforcement, management and monitoring for a fragmented BYO device inventory.
To sum it up
Implementing BYOD is no piece of cake, especially when the organization has a large, dispersed workforce. But with the right approach and the right set of tools, it can be streamlined, not just for the pandemic but beyond.
Authored by Sriram Kakarala, VP – Mobility, Scalefusion
