Mobile threat: Why a robust BYOD policy is required

Author: Gary Hilson

Mobile threat detection remains an essential cyber security function as bring your own device (BYOD) policies evolve and the hybrid workplace puts added pressure on mobile device management.

A comprehensive policy governing mobile workers using their own devices is essential to help mitigate threats and risks to the business environment—everything from phishing to unsecured Wi-Fi usage to excessive permissions in apps.

Your BYOD policy should work with mobile device management solutions to help reduce complications that arise during a breach while also drawing a clear line between employee privacy and what the company is allowed to view on a personal device.

A BYOD policy can help deliver many business benefits

Allowing employees to use their own personal smartphones, tablets, and laptops has driven the deployment of mobile device management solutions as well as BYOD policies. Together they enable more robust mobile threat detection. To address the concerns of both employer and employees, a BYOD policy must be well-crafted.

Taking the time and effort to develop a policy can ultimately save the organization money by reducing the amount spent on computers and other devices, as well as the subsequent maintenance and cyclical equipment upgrades. A BYOD policy can also help retain employees by improving satisfaction and increasing productivity, while allowing for more proactive mobile threat detection.

By establishing clear guidance on how employees can access the organization's network with their devices, employee privacy can be maintained while helping to reduce threats and risks to the business.

Employee mobility increases security risks

The security risks posed by BYOD, which continually challenge mobile threat detection, are numerous, and they can't be ignored. Verizon’s Mobile Security Index 2021 (MSI) found that more than two-thirds of respondents rated mobile as crucial to their business—on a 10-point scale, 71% answered eight or higher.

Mobile device management is critical to security since mobile devices are subject to all the same risks as non-mobile devices, as well as some of their own. One of the inherent downsides of BYOD could be a loss of control and visibility over where enterprise data is transmitted, stored and processed on an employee's personal device, which can lead to data leakage, while data loss can occur if a device is lost or stolen. Use of the device by friends or family can also compromise corporate data and privacy. The use of public Wi-Fi hotspots by remote workers opens the door to man-in-the-middle attacks and eavesdropping. These types of attacks can enable the installation of malicious applications that can alter trusted applications or rogue applications that allow for insider attacks by equally rogue employees.

Three-fifths of respondents surveyed for the Verizon MSI said that mobile devices are the company's biggest IT security threat. Of the rest, 85% said mobile devices are at least as vulnerable as other IT systems. A large majority of respondents (79%) had seen remote working increase as a result of COVID-19 and 70% expected remote working to fall again, but over three-quarters said that it would remain higher than before lockdown.

Optimizing mobile device management

Mobile device management must also address privacy issues for both the company and employees as there are legal and compliance complications that can arise from BYOD, especially in certain industries such as healthcare.

Because personal devices are accessing corporate servers and networks, the company can access them, raising privacy concerns that employers could monitor how their employees use the internet on their own time and even read private correspondence. The use of personal devices makes it even more important, however, for employers to focus on mobile threat detection that protects their business.

Nevertheless, a mobile device management solution may not distinguish between personal and corporate data for the purposes of wiping a device in the event of a security breach, so a remote wipe could delete precious personal memories such as family photos. In addition, location tracking technologies are somewhat ubiquitous on mobile devices today, so organizations would be hard-pressed not to know the location of a BYOD smartphone. Finally, in the event of litigation involving their employer, an employee's personal device may be subject to a discovery request.

Mobile threat detection is more than technology. Your corporate policies and employee behavior should work together with any mobile device management solution.

A clear BYOD policy can help bolster mobile threat detection

Your BYOD security strategy should have a lot in common with your remote work guidelines and acceptable use policy for corporate IT infrastructure. Ideally, you should have an easy-to-understand BYOD security playbook that protects the business and employees.

It starts with education. Employees should always be informed of the best practices to secure BYOD devices and corporate data, such as enabling two-factor authentication and requiring VPN login to apps and programs containing sensitive information. Your policy should specify which devices may be used to access and store any given information. Mobile device management software makes it easier to secure data in the event a device is lost or stolen.

Mobile threat defense can be further bolstered by cyber risk monitoring because it can provide companies with a baseline of preparedness from a security and risk-score perspective, while also helping them monitor processes where personal data might be exposed via BYOD devices.

Regardless of who owns the device, each and every device that accesses corporate data must be secured, and employees should be reminded they play a key role in protecting company systems and data, regardless of what device they use to access them or from where.
