Featured Posts

Mobile Data Breached – Must BYOD be Allowed or Not?

June 28, 2016 | By admin

Prominent surveys have revealed that corporates have suffered from security breaches involving mobile devices. The popularity of using mobile devices for business applications has increased with corporates having come to understand the business benefits of mobile devices in instantaneous communication and better productivity. It has been observed that employees have a tendency to respond to online communication more quickly and work on the requirements faster. BYOD or Bring Your Own Device is another concept that corporates are encouraging due to the advantages it offers in terms of employee satisfaction and the monetary benefits gained by the corporates.

BYOD authorizes employees to use their personal devices and connect them with the corporate network, allowing them to access enterprise systems and data.

While advantageous in business terms, allowing mobile devices is big risk for IT security administrators. If corporates provide mobile devices, then the concerned IT security department can decide on specific secure device models and device management would be comparatively easier. Security updates, possible vulnerabilities, fixing loop holes, specifying containerization rules, app management, VPN, etc.., can be managed. However, when BYOD is allowed, there is a possibility that employees would choose devices that support different operating platforms, such as Android, iOS, Windows, etc.., Users of Apple iOS would always prefer using iPhones or iTabs, while Android fans would remain faithful to Andriod OS. Since every OS has its own type of security mechanism and possible vulnerabilities it would be taxing for IT personnel.

 

  • Corporates must enforce and maintain strict BYOD policies.
  • Employees must not be able to store corporate data locally on the system.
  • Access to corporate servers must be confined only to areas deemed necessary – access must be provided only to the corporate apps and corporate data that are required. A default-deny access policy must be implemented.

Employees connect mobile devices to the internet through Wi-Fi hotspots. If these hotspots are compromised or found malicious, then the devices also get infected, and when the devices connect to the corporate server the malware may infect the server or other devices connected to the network. Surveys have shown that corporates have suffered security breaches due to this vulnerability. This infection has happened through both corporate-owned as well as employee-owned devices. Employees must be educated to connect to only secured Wi-Fi hotspots. The risk and potential damages that could be incurred in connecting through weak or malicious hotspots are not worth taking the risk. Many times it is through clicking of mail attachments or embedded links that malware infection takes place. An antivirus system that utilizes default-deny and auto-sandboxing system technologies can prevent zero-day exploits that threaten corporate networks.

Furthermore, personal data and corporate data, and applications must be clearly differentiated, and corporate related apps and data must be containerized. Corporate communication must be end-to-end encrypted and a secure enterprise antispam and threat prevention system such as Comodo’s KoruMail must be implemented to stop unsolicited mail from entering the corporate network. This system filters spam, analyses content and performs virus scans of mail content. Data leaks and traffic degradation can also be prevented.

BYOD has benefits, and intelligently utilizing this advantage would require a Mobile device Management system, Mail protection system and a robust antivirus system that functions based on default-deny and auto-sandboxing systems.

 

Be part of an IT community with thousands of subscribers. Get the latest news, blogs, and thought leadership articles. Subscribe now
Email *
Be Sociable, Share!
  • Pin icon
  • More Icon

Add new comment

Your name
Comment

You may use these HTML tags and attributes: <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>