BYOD & Corporate Software Security Trends
To save on costs, many companies are turning to a model of “bring your own device” (BYOD). This means employees bring their own laptops or, more commonly, cell phones to work. Most of the active workforce has their own smartphone, so is it worth it to buy an employee an entirely new phone just to keep security tight? Let’s look at different versions of BYOD as well as security trends and tips surrounding these devices.
Bring your own device is exactly what it says: The employee brings their own device for both personal and business use. This lowers costs for the company, but security is often extremely lax on these devices. Not to mention there may be compatibility issues if employees use devices from different brands. For example, an app available on iOS may not be available on Android. Additionally, a Mac may not be able to use the same programs as the PCs already in the office.
The opposite end of BYOD is “company owned, personally enabled” (COPE). This method is the most secure approach, where a company purchases the employee a device. The company does not limit these devices to business use only, as they are available for personal use as well. That includes, but is not limited to, taking personal photos, using Facebook and installing games. The main problems with COPE are that the employee can feel like they are needlessly monitored. The company’s IT department is completely in charge of security and can often monitor all activity on the device. Also, they may receive a device they do not like or have no prior knowledge of. For example, if the company gives an iPhone to someone who normally owns an Android phone, they may be unfamiliar with how it works.
Finally, there is “choose your own device” (CYOD), which is like COPE but has a key difference. The company still supplies the device, but the employee decides what they will purchase, usually from an approved list. The security software, along with any apps or software needed for their job, are already pre-installed by the IT department. However, the device itself belongs to the employee, and they are not monitored as in a COPE structure.
While BYOD remains popular, companies are trending towards CYOD as a compromise between BYOD and the restrictive, invasive COPE.
Alternatively, mobile device management software (MDM) has the potential to counter BYOD’s lack of security. MDMs allow for different privileges between employees while ensuring the device has security enabled. Naturally, the software also allows you to customize it to fit your company’s needs. On top of this, MDMs supports remote locking, wiping, or resetting of the device, as well as remote data recovery. Here’s a list of our top five MDMs.
Virtual private networks (VPNs) are another way to keep security on devices tight. Figuratively speaking, VPNs are like a tunnel from the device to your company’s server or the internet.
It’s extremely hard for hackers to break into a VPN, and ISPs are also unable to view what someone is browsing on a device. It protects instant messages, downloads and uploads, such as any sensitive information passing to and from the device. An unprotected network, meanwhile, is vulnerable to snooping by a curious hacker, to the point where images appearing on a website are visible on the hacker’s screen. While a VPN’s connection is often slower than a regular connection, the minor hassle is worth it.
Finally, all this could be for naught if you don’t train your employees. In fact, employees themselves might be the biggest threat to a company’s security. Employees could click on a phishing email, inadvertently giving login credentials to either their personal accounts or to business accounts. Or, they might respond to an email that looks official but has a slightly different address requesting sensitive data. Without proper training, the employee could simply reply with information that is not supposed to leave the office walls.
They need training for things like not leaving their devices out in the open, especially unlocked, lest someone quickly slip a device in a bag. Without MDM, the device could be easily hacked in person, revealed all kinds of corporate secrets. On top of this, they should receive training for proper usage of any security features installed on their devices. They should be familiar what features are available, how to use those features and adjust their habits accordingly.
Employees bringing their own device to work, and using them for both personal and business matters, can create a gap in company security. However, with certain precautions, or buying the employee a device with security programs pre-installed, the company can ensure important information stays safe by helping shore that gap.
Photo courtesy of Pexels user Jessica Lewis