Personal phones, tablets, wearable tech – do you know how many of these are connected to your business networks and how many of your staff access company data on unsecured devices?

As businesses become more agile and dynamic, many have started to adopt a positive outlook on BYOD. This hybrid approach appeals to staff and aims to increase workflow efficiency. Cloud hosted services, integrated business apps and mobile staff have created the perfect storm for new attack vectors. Instead of targeting the company infrastructure, hackers can now hedge a decent bet that if they can compromise an employee’s mobile device, it will contain sensitive data or accounts that they are looking to exploit.

Research found that approximately one third of organizations have knowingly sacrificed security for expediency or business performance. 75% of the respondents to the Syntonic survey have concerns about their current BYOD program with the ability to differentiate between personal and business use being the number one concern, followed by a lack of adequate security.

Without complete control of devices that handle business data, it is almost impossible for security teams to see how that data is used, stored or exfiltrated. With all the complications caused by the challenges presented above, it’s no wonder that most companies don’t know where to start.

Before tackling BYOD, it’s important to understand the business processes that may result in an employee using their own device. Any security control put in place before understanding the impact can have detrimental knock on effects to both staff and customers. Most users would not do this maliciously or with direct intent to circumvent policy, they are simply trying to do their job as efficiently as possible, especially when they are on the move. However, if you impede the natural flow of business with red tape and restrictive controls, users will undoubtedly attempt to find ways around them, and often do.

To assess the risks and weigh up the rewards, consider the following:

  1. Talk to your staff – how does the business currently integrate BYOD usage?
  2. Do staff access business data from personal devices such as email, shared drives etc?
  3. Are personal devices accessing business networks and infrastructure?
  4. If a BYOD device went missing or was stolen, can sensitive data potentially be accessed on it?
  5. What technical controls can we put in place to monitor or restrict any of the major risks?

Ultimately, there is no silver bullet to the BYOD problem. Every organisation is different, but there are some technical controls worth mentioning. Mobile service providers such as Vodafone, O2 and EE offer flexible mobile solution plans, Microsoft provides ActiveSync for Exchange accounts and there are numerous endpoint monitoring solutions that will cover most of your bases. The power is in your hands, but must be balanced against a budget and acceptable risk.

For advice on assessing risks and threats specific to your organisation, reach out to our experts here at Net Consulting and we’ll guide you through your BYOD journey.

Sign up for ‘NCL Insights’

Your trusted source for innovation, technology insights, and market trend analysis.

Why Choose NCL?

For over a decade, we’ve developed a strong reputation amongst our customers and partners for consistently delivering services which help businesses perform optimally and securely. This is why the relationships we’ve developed over the years have become long-standing and deeply trusted.

We’re very proud to have provided continuous IT support to the MoD for over 12 years. This length of service is a testament to the trust the MoD place in our people to deliver results, time and time again. Today, we provide situational awareness of the MoD’s globally-deployed application performance while assisting in troubleshooting issues and collaborating with other delivery partners to solve problems faster.

The lessons we’ve learned in Defence are applied to our engagements with customers in the enterprise sector too, ensuring robust network and cyber management for medium to large scale organisations. We use our long-standing experience in end-to-end performance management as a foundation for all of our services, so we can better define a customer’s complete requirements and deliver a more effective solution, whatever the field of technology. Offering market-leading technology and trusted managed services from ‘Floodlight’ - our own UK sovereign SOC, we work closely with customers in Driving Digital Vigilance across industry sectors.

NCL ‘Industry Insights’ Monthly Newsletter

The NCL monthly newsletter will provide a concise roundup of all the need to know information for IT teams and leaders.