Personal devices have permeated the workplace and become intertwined with business operations. Consequently, securing your employees’ personal smartphones, laptops and tablets should be a priority for IT security chiefs.
Deloitte estimates that around 90% of UK employees own a smartphone. Moreover, smartphones are becoming increasingly attractive targets for hackers.
An article published in Forbes explains that smartphones make businesses vulnerable – “especially when mobile device security patches and upgrades from company IT departments aren’t being installed.”
With more companies expected to extend work-from-home policies and install a hybrid model, allowing employees to access your business network on a personal mobile device could leave you exposed to hackers.
The good news is there are several security strategies you can adopt to reduce the risks Bring-Your-Own-Device (BYOD) presents.
First of all, let’s take a look at the pros and cons of a BYOD strategy.
Benefits and Risks of BYOD
Whilst BYOD does present more security risks than business-owned devices, it does offer advantages as well. Every business has to decide whether the benefits outweigh the risks and which strategies it can implement to reduce them.
Pros of BYOD
- Great flexibility for a distributed workforce
- Potential for an uptick in efficiency and productivity
- Increase in employee satisfaction (providing you avoid restrictions)
- Dramatically lowers spend on hardware
- Reduces device management for IT support (with the right technologies in place)
Cons of BYOD
- Phishing and malware scams
- Vulnerabilities in apps
- Devices shared with family members
Establish a Bring Your Own Device Policy
There is no doubt that hybrid work models provide employees with more freedom and flexibility to work where they want, how they want and when they want. BYOD ushers in the much-coveted work-life balance.
Increased productivity has also been a positive feature of BYOD models. This has led to an increase in staff satisfaction and plays a key role in retention.
Whilst it’s a smart move to leverage business technologies to mobilise your workforce, policy has to play a central role. However, a BYOD policy must balance flexibility with boundaries.
The loose use of mobiles is clearly a threat to your business network. However, Gartner warns that BYOD policies that are too restrictive will also undermine business productivity. The company’s experts advise that enterprises need to balance the control of personal devices.
That involves allowing employees to use personal mobile devices and implementing security measures without imposing too many burdens. The firm recommends a BYOD policy should include:
- Installing remote wiping software on personal devices that are used to access or store sensitive data
- Best data protection practices: strong passwords and two-factor authentication
- Providing cybersecurity training for employees so they know how to identify potential cyber-attacks and which wireless networks they are permitted to use to access business data (i.e. no unsecured networks in public spaces)
- Protocols for reporting lost or stolen devices
- Antivirus and protective security software installed on mobile devices
- Patch management and backup software
- Authorised access
- An approved list of downloadable apps
Don’t Rely On Standard Device Security Solutions
An effective BYOD policy should be centred around rock-solid cybersecurity defences. Whilst tech companies provide security features for mobile devices and software, they are seldom reliable.
Earlier this year, a cybersecurity firm, Citizen Lab, warned businesses that Apple’s popular iPhone has a “blinking red five-alarm-fire problem with iMessage security.”
To be fair, the cybersecurity firm did add that the biggest threat comes from the military-grade hacking service Pegasus, which is typically sold to governments.
State-sponsored hackers will generally only target leading companies, but as we have seen with the REvil group, malicious actors are intent on gathering as much public data as they can access.
Google’s Play Protect has also been singled out as an inferior option to rely on. Tests reveal the tech giant’s cybersecurity defences detect only just over a third of malware.
The average real-time malware detection rates are around 95%. Consequently, it’s not safe for businesses to rely on standard security features. Install a verifiably reliable antivirus application.
Implement A Wi-Fi Network Strategy
Together with securing personal mobile devices, a network security strategy is also a top priority. Although securing all endpoints can feel like an arduous task at the outset, the benefits outweigh the negatives by a country mile.
The first rule of Wi-Fi network security is do not allow unsecured mobile devices to access your network.
The second rule of Wi-Fi network security is do not allow unsecured mobile devices to access your network.
The third rule of Wi-Fi network security is, well you get the point.
This is particularly important if you have a variety of people using your network: employees, contractors and guests. Each of these groups should be given a different gateway.
Establish User Permissions
Your BYOD policy should name a network administrator who is responsible for setting up user access and permissions. This should be a job role rather than an individual because employees come and go.
User permissions allow or block devices that are attempting to access your business network. This not only adds an essential layer to your security defences but also enables your employees to securely store and access software, documents, files and folders in the cloud.
For example, you will probably have sensitive financial data or product development data that you only want a select group of individuals to know about. Employees that are not given permission to enter a particular document will not be able to open it.
The same applies to anybody accessing the network. A hacker will have to take over the controls of an authorised device in order to access your business network.
Whilst this is not beyond the realms of possibility, user access and permissions can be fortified by using two-factor authentication. This security solution sends a one-use-only code to the device of the user trying to access the network.
Even if a hacker has stolen login details, they are unlikely to have the person’s mobile device and, therefore, will not receive the code. An additional layer of security is for the device user and network administrator to receive an email to confirm it is the authorised person accessing the network.
Install A Virtual Desktop
During the lockdown, a number of companies reached out to us to improve their remote working setup. A common issue was that employees had to leave their office-based computer switched on and connect to it from a remote desktop.
Most companies found this solution was limited. If an employee had problems connecting or logging in, someone had to go to the office to reboot the computer.
A virtual environment is a great solution for remote working – and something that is well worth considering if you are implementing a hybrid model. However, the only way for a virtual desktop to work seamlessly is if the secure environment is based in the cloud.
Microsoft Virtual Desktop (MVD) was introduced for that very reason. It provides a secure environment employees can access from any location on any device no matter which operating system is installed on their mobile device. MVD is compatible with Android, Mac OS and iOS.
The real beauty of MVD, however, is that the virtual environment is central to securing your business network. Data is stored in a centralised location which is encrypted and protected by a password control system – together with the user access permissions and two-factor authentication described above.
Another key advantage MVD offers is your IT staff only has to perform security and software updates once – rather than for every single device.
An alternative option to MVD is a new solution recently launched by Microsoft. Their Windows Cloud 365 PC is geared towards companies that do not already have a virtual desktop in place or businesses that do not have the in-house expertise to set one up.
There is an additional cost to use Microsoft’s in-built virtual machines, but it is a hassle-free option that is a critical piece of the hybrid workplace puzzle. You don’t need any coding know-how for starters.
Invest in Patch Management
Patch management is often overlooked as a security measure but makes life a lot less complicated for IT professionals. In short, patch management ensures that all the personal devices that have permission to access your business network are secured with the latest security patches.
Why is this important?
When a tech company releases software into the public domain, it’s ripe for malicious actors to infiltrate. Skilled hackers will eventually identify vulnerabilities in the code that present them with a gateway into your network.
Once hackers are on your network they can hijack your data (ransomware), or steal sensitive data such as your customers’ details (spyware). If you store consumer data on your servers that is subsequently stolen, you face hefty penalties and a loss of faith amongst your customers.
Research reveals that 60% of companies that suffer a data breach go out of business within six months. This is partly due to penalties handed out by data-protection laws and the obligation to inform your customers that their personal data has been stolen.
Not only that but software companies are not held responsible for a data breach once they have released a new security patch. That means that if one of your employees does not update their mobile device, your entire business is at risk.
Patch management negates that risk. As soon as a security patch is released by a tech company, every device registered on your network receives an automatic update. Therefore, you don’t have to rely on your employees to update their devices and there is zero time delay between the latest release and the update being executed.
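One way to enforce the patch requirement when a device asks to join the network, combined with the remote-wipe and antivirus items from the policy list and the separate gateways for employees, contractors and guests. This is an added example, not code from this article or any product it names; the field names, segment names, 30-day limit and sample devices are assumptions.

```python
from datetime import date

# Assumed values for illustration; the article gives no numbers or segment names.
MAX_PATCH_AGE_DAYS = 30
QUARANTINE = "quarantine"  # remediation-only segment
POLICY = {  # group -> (segment, checks required before joining it)
    "employee": ("staff", {"patch", "remote_wipe", "antivirus"}),
    "contractor": ("contractors", {"patch", "antivirus"}),
    "guest": ("guest-internet-only", set()),  # assumed isolated from business systems
}


def failed_checks(device, today):
    """Return the posture checks this device fails; missing data counts as a failure."""
    failed = set()
    patch = device.get("security_patch")  # date of the installed security patch level
    if patch is None or (today - patch).days > MAX_PATCH_AGE_DAYS:
        failed.add("patch")
    if not device.get("remote_wipe_enrolled", False):
        failed.add("remote_wipe")
    if not device.get("antivirus_running", False):
        failed.add("antivirus")
    return failed


def admit(device, today):
    """Return (segment, reasons). Unknown groups are refused outright."""
    if device.get("group") not in POLICY:
        return None, ["unknown group"]
    segment, required = POLICY[device["group"]]
    reasons = sorted(required & failed_checks(device, today))
    return (QUARANTINE if reasons else segment), reasons


# Constructed sample inventory (not real devices).
TODAY = date(2024, 6, 1)
DEVICES = [
    {"id": "phone-a", "group": "employee", "security_patch": date(2024, 5, 20),
     "remote_wipe_enrolled": True, "antivirus_running": True},
    {"id": "phone-b", "group": "employee", "security_patch": date(2024, 2, 1),
     "remote_wipe_enrolled": True, "antivirus_running": True},
    {"id": "laptop-c", "group": "contractor", "antivirus_running": True},
    {"id": "tablet-d", "group": "guest"},
]

if __name__ == "__main__":
    for d in DEVICES:
        print(d["id"], admit(d, TODAY))
```

A device that has fallen behind on patches, or that does not report a patch level at all, lands in the quarantine segment with the reason listed, so the outcome no longer depends on the employee having updated.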
Back Up Data on Personal Devices
We appreciate you don’t want to think about losing your business data if an employee’s mobile device is lost or stolen, but safe planning is the best practice.
Data produced in remote locations should be backed up as though you were backing up work created in the office. If anything, this is more important because laptops are more prone to crashing when handling huge volumes of data than desktop PCs.
There’s always a chance that a server on the network will fail somewhere along the line, either on your premises or at the cloud provider’s end.
It’s important to note that Microsoft does not guarantee you will be able to access your data if their systems go down. Moreover, you might not get it back.
IT Support Specialists in London
Hybrid work models and BYOD strategies are ideal solutions for a post-pandemic world. However, with technology taking centre stage, it’s vital that you have an IT support team behind you that provides solutions to inevitable teething problems.
Lost productivity will be a principal concern, but Microsoft 365 goes a long way to ironing out the creases. The wealth of features such as MVD, Teams, Azure and Windows Cloud 365 Service helps a distributed workforce to communicate, collaborate and operate with freedom.
Remote working will invite greater risks to your cybersecurity of course. But again, with the right setup, there is not much to worry about. Most IT security technologies and strategies prevent 98% of attacks. The high-profile breaches you read about in the media are all coming from state-sponsored hacking groups employed to perform digital espionage.
Our professional team of IT support specialists in London can help you implement strategies that will make setting up a hybrid workplace and implementing a BYOD policy much smoother than if you attempt this alone.
For more information, contact a knowledgeable member of our team and we will run through a strategy that will work for you and your employees.