BYOD: Untrusted at best, compromised at worst

In an increasingly mobile-first world where most devices are personal, you must be the first line of defense protecting critical data from loss or theft.

A decade ago the desktop PC was the primary connection to the Internet, and security was a whole lot easier. Fast forward to today and the threatscape has increased exponentially: More devices, more data, more locations, more malware attacks, and less control. Businesses are struggling to protect their data and processes, and everyone now has a role to play in ensuring that security.

In a 24x7 anywhere, any time digital world we’ve moved far beyond bring your own device. The BYOD and enterprise mobility market size is estimated to be worth $35.10 billion this year, growing 15.87 percent per year through 2021 to $73.30 billion. Today’s typical digital consumer owns 3.64 digital devices, everything from smartphones (362.9 million were shipped in Q3), laptops and tablets to streaming sticks, wearables and consoles, all of which are at risk when connected.

Then there is BYOA, bring your own application, which is also known as Shadow IT, applications outside the ownership or control of IT groups. More than 9 out of every 10 organizations (92 percent) are experiencing the effects of Shadow IT. It is expected that 268 billion mobile apps will be downloaded by the end of 2017, more than double the 102 billion apps in 2013.

However the sheer number of devices and apps pales in significance to the most pressing security challenge - people. Human error is to blame for 95 percent of all security breaches.

Lack of caution is another concern: For an experiment, Avast set up Wi-Fi networks next to the Mobile World Congress registration booth at the Barcelona Airport: In just 4 hours, we saw more than 8 million data packets from more than 2,000 users. From 63.5 percent of those, Avast could see the identity of the device and user.

The old saying about mobile security - "untrusted at best, compromised at worst" - requires mobile workers to be a part of the solution. Employees need to understand why security is essential, and what they need to do to help solve the problem. Educating staff about security policies and procedures, i.e. using passwords and changing them on a regular basis, or how unknown apps can put both personal and company information at risk, is not only important, it must be an ongoing focus. Almost half (45 percent) of employees say they’ve received no training, and of those that do get training, most will forget 90 percent of what they’re taught within a week. 

Getting your staff involved with mobile security on an ongoing basis is essential, but it must go hand-in-hand with an appropriate BYOD policy. Key elements include:

  • Determining who the policy applies to, i.e. the entire company, departments, or individuals
  • What data is and isn’t allowed on personal devices
  • Permitted applications and apps should also be considered (although that is more complex because we’re talking about personal devices)
  • Location can also be a concern, perhaps in concert with the data being accessed, and\or the time that data is being accessed; and finally,
  • How will all this be managed, i.e. mobile device management (MDM) or our approach, Avast VMP, an enterprise mobile solution that enables secure provisioning of custom and commercial mobile apps on any mobile device.

We keep saying cybersecurity is a process, not a one-time solution, and that’s particularly relevant when it comes to securing individual and corporate information on our personal devices. A mix of ongoing training and education, appropriate policies and procedures, and people who understand why security is important, and what they need to do to ensure effective security, provide the best combination to protect your information.

--> -->