Small business BYOD: Security risks and tips
Nov 06, 2013
Small businesses with bring-your-own-device policies are just as susceptible to data loss and cyberattacks through this practice as are organizations of any other size. However, what sets smaller businesses apart is the fact that such an attack could cripple them financially if not prevented through adequate BYOD management and security solutions.
Small business security expert Mike Foreman told V3 that although steps have been taken to educate the small business sector on basic network security, administrators and employees of these organizations are “still woefully under-informed” about the BYOD security risks they face. Furthermore, if these businesses suffer a cyberattack or if their internal systems are infiltrated and infected as a result of their BYOD policy, it could lead to bankruptcy.
“This impacts all of us but for a small business to have data breaches, well it could be the end of their business,” Foreman said. “It is happening, we’ve seen it.”
BYOD Security risks
According to Small Business Trends, 31 percent of all cyber attacks last year targeted small businesses. These kinds of infections, including viruses, Trojans and other malware, represent a significant threat to BYOD security within an organization.
Technology expert Yuval Ben-Itzhak told V3 that a main threat to endpoints recently is banking Trojans, which aim to capture login credentials for financial accounts. If an employee has mobile access to a small business’s financials, their device could be infected by such a malicious program and their bank account could be drained by cybercriminals who have stolen their username and password.
Ben-Itzhak also noted that free cloud services like Gmail and Dropbox threaten the security of a small business. Employees should frequently back up their work transmitted over these platforms.
“This is because mess-ups happen,” Ben Itzhak told V3. “It happened with Gmail. Gmail had an ‘event’ where some people’s messages were deleted and couldn’t be recovered. So while these tools are very good for running a business…there is risk involved in running them.”
Organizations seeking more secure methods of data transfer can utilize services like Memeo C1, an online sync and file sharing platform. This type of technology features a management console not available on other programs, and also encrypts data in transfer and at rest.
BYOD Security Tips
Small Business Trends advised that small businesses make notification a mandatory part of a BYOD security policy. This approach is multifaceted and can include simply alerting an employer when someone utilizes business functions on a mobile device. A notification strategy can also extend to registering the device used with the employer. However these organizations go about this strategy, the point is to be aware of the devices used to access the corporate network.
Small businesses should also educate their employees on the parameters of the BYOD policy as well as best practices for optimum endpoint security. This way, everyone is on the same page as far as what is allowed and what is not, as well as efficient ways to protect mobile data.