10 Network Security Issues to Consider with BYOD Devices

20/06/2018 17:25:47

Employers love it when a dedicated employee answers email at 10pm or responds to an overseas customer at 3am, but what potential pitfalls could you run into when considering how your network security intersects with your BYOD policy? We all remember the case of ex-FBI Director James Comey, who used personal emails to “word process” unclassified documents. While the email subject matter was decidedly benign, the publicity of the scandal begs the question – is the ease of using personal devices for work-related purposes worth the risk? While you could devote months to the creation of a truly great BYOD policy, you should quickly consider 10 network security-related issues now that BYOD is here to stay.

1. What policies and controls do you have to govern employee use of systems like company email and applications on BYOD devices, and where is your data being stored?
Not considering how your employee is using work email and applications and where your data is going is the equivalent of storing your banking and tax information on your public blog.

2. Are your employees keeping their BYOD device OS and applications updated with all current software patches and updates?
Constant updates can be annoying but there are updates and patches for a reason! Ransomware and malware strains can find an easy foothold in systems that are not regularly updated!

3. Do you require the use of anti-virus and anti-malware programs on all BYOD devices just as you would on company-owned devices?
Ensure consistency between all programs so you won’t run into compliance issues later on. “We assumed his/her anti-virus software was up-to-snuff…” won’t go over well when GDPR comes calling about noncompliance!

4. How strong are BYOD device passwords?
If your employees think birthdays or the family dog’s name is still the password benchmark, consider employing weak password scanning software to monitor employee BYOD device passwords and ensure that length, complexity, frequency of change, and failed-attempt consequences follow all regulations.

5. Would required encryption of all sensitive data on BYOD devices be a bad thing?
While whole-device encryption might not be feasible, that extra safeguard on your business-critical information won’t keep you up at night like that 2:30am conference call.

6. What is the BYOD policy if an employee leaves the organization or is terminated?
Ensure a policy is in place that will protect all company data saved on a device and implement fail-safes to protect critical information should a disgruntled employee refuse to turn over the device for inspection or a gruntled employee just doesn’t see the point!

7. What is your device enrollment and SSL VPN access process?
Require registration and authentication procedures when connecting to the company network, allowing IT to track and detect unauthorized devices and protect the network accordingly. People are constantly breaking and replacing or just buying new and flashy devices, and getting them enrolled properly shouldn’t be optional!

8. What are your web application security policies for BYOD devices and is there a Blacklist & Whitelist?
While you can’t ask your employees to live without photo-editing applications (sigh…), remember web applications are increasingly susceptible to malware! Take the time to consider your web portals, email, CRM, and remote access and what BYOD devices are potentially tracking in on the bottom of their shoes. Verify through R&D that your blacklisted applications are truly harmful, and train employees to segregate and protect their business-critical apps on their BYOD device.

9. Do you have simple centralized management, reporting, and auditability of mobile apps?
IT can’t protect against what it can’t see! Make sure you can manage, audit and report effectively on how employees are using their BYOD devices, just as you would with company-owned devices. Allowing BYOD devices at the workplace does not equal throwing up your hands and giving up on vigilance.

10. When have you created too many BYOD restrictions?
The simple answer is…when your employees start sneaking around your policies just to get their work done. Unless your IT department has all the time in the world or really has something against Facebook or Tinder, protect your organization but pick your battles!

BYOD policy should be carefully considered and adequately supported to optimize business functions and the safety of your business!

Sangfor Technologies has a battery of programs designed to keep your organization safe and flexible, including IAM (Internet Access Management), NGAF (Next Generation Application Firewall), WAN Optimization, VDI (Virtual Desktop Infrastructure) and HCI (Hyper-Converged Infrastructure). Founded in 2000 and a publicly traded company as of 2018 (SANGFOR STOCK CODE: 300454 (CH)), Sangfor is the leading global vendor of IT infrastructure solutions specializing in Cloud Computing and Network Security. See www.sangfor.com for more information on Sangfor solutions.
