With the increasing use of Software-as-a-Service or Cloud apps for business, the Bring-your-own-Device (BYOD) trend among Small and Medium-sized Businesses(SMBs) is increasing. Many employees prefer to use theirown mobile device for work rather than carry around two or more devices. Nowadays, more and more people are working from home and/or telecommuting. Moreover, there is a perception that 24/7 access to email and other company business applications outside working hours helps increase productivity and performance.
The waves of mobile devices flooding the work place are a security threat to company proprietary data. There is a concern that employeesmight either accidentally or purposefully download malware on their personal mobile deviceor expose confidential company data to criminals.
But are SMB’s taking any security measures to secure BYOD? A recent study of 623 small business owners and employees by AT&T and the Polytechnic Institute of New York University(NYU-Poly) found that 83% ofthe small businesses surveyed,allowed the use of mobile devices in the work place.Although 65% of them are concerned about the security of their confidential data, not many are taking any proactive security measures.Of the SMB employees surveyed, only 68% have some form of security on their mobile devices and only 42% of those without any form of security in place have plans to increase security.Hackers know full well many SMBs lack the finances, manpower and expertise needed to mount a proper defense.
What should SMB’s do to decrease security risks from BYOD?
Small and midsize businesses must enforce a BYOD policy or risk a security breach of confidential company and customer data. Such a breach could have costly and embarrassing repercussions that may prove to be very difficult to recover from.
Some steps to take to ensure that your business is secure from BYOD threats:
- All businesses should conduct a regular audit of theirsecurity policy(including BYOD policy), evaluate and test security controls, identify security loopholesand potential loopholes, assess the risk, and make a plan of action to fix or mitigate any deficiencies found.
- To effectively protect the company network from potential risks posed by BYOD, businesses mustconfigure thefirewall to permit access to only the employees’ personal devices.Since it is very difficult to monitor all of the employees’ personal mobile devices it is better to focus on securing the network. If not already in place businesses must also adopt information security best practices such as encrypting all sensitiveand confidential data, updating cloud security, and regular backups of company data.
- Identity and Access Management (IAM) – The business must maintain strong control over employee & partneraccess to the company applications and data. Employees’ personal mobile devices that need access to the business network must be authorized,authenticated, and controlled. Once connected to the network, their activity must be monitored and controlled based on the company’s security policies.SmartSignin’s Cloud IAM is ideal for SMB’s using multiple Software-as-a-Service apps. SmartSignin manages passwords and makes the task of access control to cloud apps simpler, less expensive and, most importantly, more secure. SmartSignin is affordable, eliminates hardware, maintenance, and token dependencies andcan be easily integrated with enterprise directories in just minutes. SmartSignin Mobile IAM for multi OS’s will soon be available for SMB’s.
- Mobile device Management (MDM) – All employees must agree to install security software onto their personal devices and activate encryption features, in accordance with the company’s security policy.All mobiles should be password protected, have security software installed with automatic updates.Employees must enable the now common locate and lock/deletefeatures or software on their devices in order to prevent further security risks to the business. Some of the MDM apps available are FancyFon, MobileIron, Zenprise, and even RIM has BlackBerry Mobile Fusionfor Blackberries.
- Employees must be educated about how to protect laptops and personal mobile devices. They should also betrained on secure web browsing and developing strong passwords. They must continually be kept informed on specific security threats (virus, worms and malware)and websites/applications to avoid.
The demand for BYOD is high and it is definitely here to stay!SMB’s must thereforeput security policies in place that will ensure that their data is protected againstcyber criminals.