As new malware and ransomware that specifically target mobile devices grow exponentially, you should set rules now for employees who use their own smartphones for company business, if you have not already done so.
While implementing a bring your own device (BYOD) program can save your company money by not buying new phones for staff, there are other benefits like increased productivity, greater flexibility and higher employee satisfaction. However, if your staff are not protecting their devices and following rules aimed at thwarting hackers, their smartphones can become backdoor gateways for malicious cyberattacks.
Threats to your organization include:
- Data leakage. Data can be lost or exposed when devices are misplaced or stolen, or if a personally owned device has malware on it.
- Unauthorized access. Attackers can gain access to a compromised device or network credentials stored on it, potentially leading to unauthorized access to sensitive company information.
- Malware infections. Malware can easily spread to personal devices, which can then be used to access company networks and compromise sensitive data.
- Legal issues. Using personal devices for work can raise legal issues, especially if data is not properly secured or if employees are not adequately trained on security protocols.
Strategies for protecting your firm
Take care when downloading apps – A July 2024 report by Human Security found more than 250 “evil twin” applications on the Google Play Store. These apps are built to look authentic and often contain malicious code that launches upon download.
Urge caution – Inform your staff that they need to be cognizant of their online behavior. You won’t be able to control whether they shop online at compromised websites or lose a device.
Keep a register of connected devices – Maintain a detailed register of users and devices. Audit your network regularly to detect unauthorized connections and resource usage.
Enforce on-device security – Smartphones and tablets come with passcode controls that restrict access. As part of an employer’s default BYOD agreement, staff should have the passcode enabled before they are granted access to corporate resources. Also consider implementing multi-factor authentication for an additional layer of security.
Require VPN use – To ensure that data is secure in transit, require that your staff’s devices be set up with VPN access.
Implement a mobile device management platform – Such a platform allows you to enroll devices, specify and enforce network access rights and even apply content filtering.
Segregate apps – Creating a barrier between personal and work use of the device can prevent accidental access to work data. This can be achieved through techniques like containerization and work profiles, which isolate corporate data and apps within a specific part of the device, preventing them from being accessed by personal apps or data.
Have protocols for when employees leave – If an employee is terminated or begins exhibiting questionable behaviors, immediately revoke their access to sensitive data before it’s leaked.
Insurance
Some cyber insurance policies limit coverage to devices owned or leased by an organization. If you allow BYOD in your workplace, you’ll want to make sure that your policy covers these devices.
Some insurance providers offer enhanced or specialized coverage for BYOD-related incidents, acknowledging the unique challenges and risks involved.