Threats Associated with BYOD

By Amine Mekkaoui

The use of mobile devices among the global workforce is not a new concept, but the introduction of user ownership is a trend that has just gained momentum in the last few years. Professionals in a wide range of industries are relying on their own mobile devices to support the balance between work and home, introducing a whole new set of risks for the corporate network when the proper policies and controls are not in place.

While BYOD (Bring Your Own Device) offers plenty of benefits for the enterprise and the employee, a strategic approach is necessary to mitigate the risks associated with users accessing the network and supported applications from outside of the corporate firewall. Let’s take a look at some of the threats that exist with BYOD and what you need to do to protect your network, your users and your proprietary information.

  1. Lacking a Robust Policy – Now that users are accustomed to relying on their own devices to access the network and their personal email, they also need to know what constitutes acceptable use, who has access to their device(s), and what will happen if the device or the information it contains is compromised. An effective policy outlines expectations and outcomes, while also providing for the proper sharing of information so all employees are informed.

  2. Weak Authentication Methods – It’s a given that employees will need unique user names and passwords to access the corporate network, but it’s also a given that such information is easily captured by hackers. It’s critical that IT management implements and enforces strong authentication methods and limits access to applications. Strong authentication methods demand constant monitoring and regular updates to ensure any breach is immediately identified and mitigated.

  3. No Visibility or Control over Devices – Employees often like the concept of BYOD because it suggests they have complete control over their mobile device. While the physical control may remain, IT management establishes its own control over the device with mobile device management or other applications that provide remote access and complete visibility. Access to such technology ensures IT always knows what devices are accessing the network and can immediately locate, lock and wipe clean any compromised or lost device.

  4. Applications – While a number of applications exist to promote the activities of the professional in the field, a larger number exist to waste time or access proprietary information with malicious intent. Any applications downloaded by the user without IT approval are a risk to the corporate network. The simple scan of a QR code could quickly launch malware on the device, with reach into any network to which it is connected. The corporate policy must define what constitutes an approved application and how to avoid downloading malicious software.

While this list merely scratches the surface of the threats that exist with BYOD, it still provides clear insight into what you need to consider within your own environment. Whether yours is a large enterprise, small- to medium-sized business or sole proprietorship, any mobile device used to access your network, server or other IT assets presents a threat to your operation. Before allowing BYOD to flourish, put the right strategy in place to support only the safe use of all mobile devices.