BYOD security risks: What to avoid with BYOD plans
Jan 28, 2015
When it comes to any type of project, a higher-up or expert can give a person loads of advice – from tips and tricks to which processes need to be included, and beyond – but the individual may still miss the mark. No matter how much instruction and how many guidelines a person receives, sometimes it is easier to outline the aspects they should avoid than to give a framework for what they should end up with.
This approach can also be applied to bring-your-own-device initiatives. Simply put, there is no template, no overarching plan that will suit each and every business. Administrators need to take into account the unique and individualized requirements of their own organization, and create a BYOD policy to match. However, there are several things that, no matter the size or demands of the firm’s users, a BYOD plan should avoid.
Don’t go for a one-size-fits-all approach
I know, we just went over this, but it’s worth hammering home: business leaders cannot, and should not, leverage a one-size-fits-all strategy for their BYOD plans. This is true not only in the general sense that one company’s approach may not quite fit another organization, but also in that each facet of the overall BYOD initiative will need its own policy. TechRepublic noted that, especially when it comes to security, many enterprises utilize a “blanket” plan to guide how all users leverage the network. However, certain cases may merit exceptions to this rule, and before administrators know what hit them, users are opting to ignore the policy all over the place. This can cause serious BYOD security risks, especially when one employee is allowed to go outside the lines of the set standards and others are not. Instead, organizations should create separate policies for each of the top areas of BYOD, including device usage, protected company-owned intellectual property and what programs are allowed.
Don’t forget that some apps create BYOD security risks
One common mistake administrators make when implementing a BYOD practice is forgetting that their staff may use unsafe applications on their devices, which may put sensitive corporate data at risk. Furthermore, when a breach occurs on a single BYOD-supported device due to an unsafe app, it can go undetected for a much longer period of time than a traditional infiltration would. For this reason, it is important to keep in mind that employees may not always utilize the most secure applications. Cisco guest blogger JT Ripton suggested that administrators consider blacklisting the specific apps that are known to cause security threats, and be sure to make workers aware of the importance of taking care when downloading and using apps on their devices.
Don’t forget device wiping
When it comes to personal devices being used in the workplace, the simple fact of the matter is that some employees will abide by best practices, but some won’t. For this reason, it is important that the company covers its back, so to speak, with device wiping capabilities. Although some may see this security measure as a bit heavy-handed, it has saved businesses on more than one occasion. Furthermore, this ability can come in handy more often than one may think. Many administrators utilize this feature of BYOD security when a worker loses their device, or finds that their handheld hardware has been stolen. While airport theft of a smartphone is definitely a good use case for this type of technology, it isn’t the only one.
Another beneficial way to leverage device wiping is when an employee quits unexpectedly, or puts in their two weeks’ notice. Many decision-makers forgot to account for this aspect when BYOD first emerged, allowing individuals who quit or were fired to walk out the door with valuable corporate information. However, with device wiping, business leaders are able to remotely remove this content from BYOD-supported devices, ensuring that their sensitive data doesn’t fall into the hands of competitors or get sold on the open market.