2020’s COVID-19 pandemic caused businesses to adapt quickly, and unfortunately so did cybercriminals.
Office buildings were empty as businesses sent their employees home to work remotely. Organized criminals immediately learned to exploit the “new normal” by targeting improperly secured connections, devices, applications, and unprepared work-from-home (WFH) employees. While the shift was necessary and unplanned, we need to recognize that WFH increases your business’s vulnerability to cyberattacks.
These days, many of us wake up to a very different workday routine. We grab our laptop, tablet, and cell phone to sit down to work in our “offices” (spare bedrooms, dining room tables) and start the day. Who owns those mobile wireless devices – the employee, the company, or a bit of both?
Chances are the phone and the tablet are the employee’s personal devices, loaded with personal information, while the laptop is provided by the company – even though all of them are used routinely for work purposes.
In today’s environment, usually only large enterprises supply their employees with all their hardware, which might include mobile devices, laptops, workstations and maybe even wearables. However, today the most common scenario is for employees to purchase, own and control smartphones and tablets that are used for both work purposes and personal use. This is referred to as BYOD (Bring Your Own Device).
Many may remember when IT departments pushed back on the idea of supporting personal devices.
That was circa 2009, when “Bring Your Own Phone” was just starting to gain popularity, and many businesses went so far as blocking personal mobile phones from their networks and mail servers. Fast forward to 2022. It’s expected, if not mandated, that the IT department support personal devices, using Mobile Device Management (MDM) software to allow employees to access the company’s sensitive corporate data at all hours of the day and night from anywhere. The productivity gains can be huge, but they come with risk!
BYOD Statistics in the U.S.
- 87% of companies rely on employees using personal smartphones to access mobile business apps, services, and corporate networks
- Almost 50% of businesses require their employees to use their personal smartphones
- About 70% of companies say they reimburse their employees in some fashion for BYOD, while only 29% of employees reported they receive BYOD reimbursement for their data plan.
We could debate who benefits the most from BYOD, but we would all agree there is one huge pitfall that has surfaced with the BYOD movement – lack of security training, practices, and policies. The biggest concern businesses have is the risk of compromising company data, whether by lost/stolen devices or by cyber-attacks and threats.
BYOD security risks need to be taken very seriously, and it’s an unfortunate fact that most companies do NOT have a mobile device access policy in place. If you need a sample BYOD policy, let me know and I will get you one.
To get started, check out these 6 “Best Practices” to reduce the risk that your company is the next cyber victim.
1. Turn User Authentication On
Laptops, tablets, and smartphones can get lost or stolen easily as we take them everywhere we go, and they can be left in taxi cabs, restaurants, airplanes…the list goes on.
- Make sure that all your mobile devices have the screen lock turned on, and that they require a password or PIN to gain entry. There is a ton of valuable personal information on the device! Most devices have Face ID and Touch ID, which certainly makes access easier, but not necessarily more secure. Regardless of which method you choose, make sure ALL your devices are protected by requiring you to prove you are who you say you are – and if you do use passwords, be sure not to miss tip #4 below!
2. Update Your Operating Systems (OS) Regularly
- This is super important! If you’re using outdated software your risk of getting hacked skyrockets. Vendors such as Apple, Google and Microsoft are constantly providing security updates to stay ahead of security vulnerabilities.
- Don’t ignore those alerts to upgrade your laptop, tablet, or smartphone. To help with this, make sure you have automatic software updates turned on by default on your mobile devices. Regularly updating your operating system ensures you have the latest security configurations available!
- When it comes to your laptop, your IT department or your IT services provider should be pushing you appropriate software updates on a regular basis. Be sure to take a moment to hit “restart”; otherwise the updates won’t do you much good!
3. Avoid Public Wi-Fi
- Although it’s very tempting to use that free Wi-Fi at the coffee shop, airport, or hotel lobby – don’t do it. Any time you connect to another organization’s network, you’re increasing your risk of exposure to malware and hackers. There are so many online videos and easily accessible tools that even a novice hacker can intercept traffic flowing over Wi-Fi, accessing valuable information such as credit card numbers, bank account numbers, passwords, and other private data.
- Interesting fact – although public Wi-Fi and Bluetooth are a huge security gap and most of us (91%) know it, 89% of us choose to ignore it. Don’t be one of them! That app store purchase can wait!
4. Use a Password Manager
- Let’s be honest, passwords are not disappearing any time soon, and most of us find them cumbersome and hard to remember. Additionally, we’re asked to change them frequently which makes the whole process even more painful. Enter the password manager, which you can think of as a “book of passwords” locked by a master key that only you know. Not only do they store passwords, they also generate strong, unique passwords that save you from using your cat’s name or child’s birthday…over and over.
- Check out products like LastPass and Dashlane (two of the top-rated providers) to take the hassle out of creating and remembering strong passwords for everything from bank accounts to social media.
- We also highly recommend you follow this up with Multi-Factor Authentication (MFA, also known as 2FA), which is critical to protecting your online applications and services.
5. Remote Lock and Data Wipe
- Every business should have a BYOD policy that includes a strict remote lock and data wipe policy. Under this policy, whenever a mobile device is believed to be stolen or lost, the business has the ability to protect the lost data by remotely wiping the device or, at a minimum, locking access.
- Where this gets a bit sticky is that you’re essentially giving the business permission to delete all personal data as well, as typically in a BYOD situation the employee is using the device for both work and play.
- Most IT security experts view remote lock and data wipe as a basic and necessary security precaution, so this is a conversation that must be had so employees are educated and made aware of any such policy in advance.
6. Don’t Forget Cloud Security and Data Backup
- Last but not least – keep in mind all those public cloud apps and services that are being accessed by employee-owned mobile devices, increasing your risk.
- For starters, back up your cloud data! Should your device be lost or stolen, you’ll still want to be able to quickly access any data that might have been compromised.
- Select a cloud platform that maintains a version history of your files and that allows you to roll back to those earlier versions, at least for the past 30 days.
- Google’s G Suite, Microsoft Office 365, and Dropbox all support this. Once those 30 days have elapsed, however, deleted files or earlier versions are gone for good. You can safeguard against this by investing in a cloud-to-cloud backup solution, which will back up your data for a relatively nominal fee each month.
If you’d like more information about a Mobile Device Management Platform, reach out to us.