I wrote about 10 ways to reduce insider BYOD threats last week, which focused on some security tips to help IT professionals and users get the most out of BYOD deployments. There is a wealth of deeper information within what constitutes a forest representing the nuances of good security, since often there are no absolutes.
Speaking of absolute, I spoke about the concepts of BYOD security with Richard Henderson, Global Security Strategist at Absolute, a software security organization, in order to get a more detailed look at the trees in the overall forest.
TechRepublic: What are the biggest threats from BYOD?
Richard Henderson: “It’s up to the CIO/CISO to determine how risky it is to allow non-corporate devices on the network and what measures can be put in place to control that risk. While government agencies and some large enterprises dealing with sensitive, compartmentalized, or classified information have very stringent requirements, your typical office’s BYOD policies can sometimes be far too relaxed. This lenient attitude can create an unprotected entrance to the corporate network via mobile devices.
Outdated devices pose another serious threat for BYOD. A recent report found that 60% of mobile devices in an enterprise BYOD environment are running an outdated operating system and are vulnerable to known security flaws where patches have been made available. Requiring employees to run the latest software updates is always difficult to regulate, so companies end up taking on more risk. Of course, there are many devices, typically Android-based, where patches will never be made available due to the age of the device or the abandonment of updates from either the manufacturer or the carrier. It’s incredibly difficult to ask employees to continually replace their hardware for a newer device that is currently supported.
Organizations’ lack of visibility is also a threat, which is further complicated by BYOD. Most companies have very little visibility of the endpoints on their corporate network, and with the explosion of IoT devices everywhere, which in many cases are provided with even less long-term support than smartphones, the situation is only going to get worse. For a particularly risk-averse CISO or CSO, BYOD policies just aren’t worth the risk.”
TR: Are there any myths or misconceptions about BYOD security?
RH: “Privacy is a big area of confusion for BYOD. When employees use their personal devices for work, they expect to still be able to use their phone as they see fit, and without their employer watching. While some mobile security solutions out there prioritize user privacy, employees need to understand that they will need to relinquish a certain measure of control to their employer to ensure that the device and the data accessible through it is protected from theft and loss. BYOD isn’t a right, no matter what employees may think.”
TR: What are your recommendations to mitigate or reduce risk?
RH: “A third of cybersecurity incidents can be tied back to attacks on mobile devices, so building policies and programs that specifically address mobile devices (both company-provided and BYOD), as well as removable media, is critical to reducing risk. As a first step, IT teams must deploy a fully fleshed-out and well-planned mobile device management (MDM) or enterprise mobility management (EMM) solution. These solutions help ensure policy compliance among employees, which is very important, but insufficient on its own.
In order to protect against mobile cyber-attacks, companies should adopt a mobile threat defense solution. These solutions can detect malicious threats, alert IT teams accordingly, and provide remediation action, like remote-wipe, disconnecting from WiFi, etc. Some more recent developments around machine learning-based appear to have success detecting unknown or never-before-seen threats.
Beyond that, companies must get buy-in from employees. Hosting regular training sessions that teach employees about the importance of mobile security is key. The sessions should cover why software updates are so important to company security, why public WiFi networks should be avoided, how to identify a phishing attack, and exactly what to do if they suspect something is wrong. Circling back to the initial point on snooping by the enterprise, I think it is one of the most critical pieces of building a successful strategy to communicate clearly to employees that the technology being placed on employee-owned devices is only there to protect corporate data and network assets, and will never be used for snooping or monitoring personal activity… unless an incident has occurred and further investigation is warranted.”
TR: Are there any problematic apps (or types of apps) which represent more of a BYOD risk than others?
RH: “Certainly. Cloud storage apps can lead to issues if allowed to be installed willy nilly, especially with those employees who are entrusted with the most critical of corporate data (HR information, financial data, intellectual property).
On top of that, Android users often need to be cognizant of the fact that there are many “free” apps out there that ask for significant permissions… and some of those apps in the past have been shown to collect much more data than they should. It may be essential for security staff to whitelist a subset of approved applications for their most privileged or critical employees.”
TR: Can you comment on the cost savings involved with BYOD compared to any costs involved with additional security requirements/staff/controls? In other words, is BYOD still cost-effective?
RH: “I’m not sure BYOD has ever been as cost effective as it was initially sold to enterprises, and as you suggest, it may be a wash at best. But we have to look beyond the simple bottom line when it comes to BYOD: many companies use BYOD policies as one of many carrots on a stick to attract and retain good talent. If a top recruit wants to use a MacBook instead of a Thinkpad, then at the end of the day the costs are minimal. Add to that the fact that BYOD allows employees to use technologies they are already intimately familiar with, leading to greater job satisfaction and potentially increased productivity, and it becomes difficult to justify an iron-clad, strict device policy.”
TR: My wife and I were in NYC recently and she lost her iPhone in Manhattan. We used ‘find my iPhone’ and it triangulated the iPhone to a specific intersection, but we never could find the phone. I feel since ‘find my iPhone’ has a degree of plus or minus a few feet in terms of locational accuracy that it may have been picked up and taken inside an apartment building at that intersection. Is there anything you could recommend for a situation like that?
RH: “Really, there’s not much more you could have done to hopefully retrieve the lost device, other than placing it in lost mode and hoping that someone finds it and returns it to you or the local police (or Apple Store!). Beyond that, my advice to people who ask similar questions is simple – be pragmatic and accept that we live in an era now where phones, tablets, and laptops, while certainly pricey, are reasonably inexpensive enough to replace if the worst happens. With that in mind, it’s absolutely critical that you avail yourself of all the tools device manufacturers make available for your protection: remote wiping/locking, full-disk encryption of the device, complex alphanumeric passcodes instead of simple 4 digit PINs, etc. Just ask yourself a simple question: if someone snatched my phone out of my hands and took off with it, would I feel secure that the meaty, juicy data inside the device was free from prying eyes? If the answer is no, then you have to do a little more to change that no to a yes.”
TR: How does the BYOD landscape look going forward – any new threats, developments, solutions on the horizon?
RH: “2016 was the worst year yet for data breaches and leaks, and with the massive explosion of data being created, collected, processed, and shared, I expect 2017 to eclipse 2016. Threats around BYOD will likely play a big role. There are literally millions of devices out there that will never see another security patch again, and those same devices are not going to be replaced anytime soon. When you add to this the mire of IoT, where even the vending machines in the corporate cafeteria are now being subverted and used in attacks, it’s obvious to me that the surface area for attackers to exploit has never been larger. I’ve been talking about the inherent threats surrounding connected devices for quite some time, and 2016 proved that the new world of machine-to-machine attacks is here to stay. Millions of connected devices have been subverted and used to launch DDoS attacks on scales that weren’t even conceived of in the past. Major sites are knocked off the internet in a blink, causing e-commerce to grind to a halt. Millions of dollars are lost in revenue, clean-up and additional defenses.
What’s an organization to do when devices inside their networks are exploited and used in attacks elsewhere? It’s likely that conservative and risk-averse corporations will declare BYOD off-limits for their teams. But that will mean security teams will need to watch very carefully for rogue or difficult employees who will attempt to find ways around security controls in order to get access to Inter- and Intranet resources. It may be a good solution for security teams to work with their network team colleagues and build out dedicated, fully-segmented network blocks with their own security infrastructure to provide the most basic of access to employee-owned devices.”
“Relaxed policies and outdated devices are the biggest BYOD threats” has 2721 words and was posted on www.techrepublic.com on March 1, 2017.