BYOD: Single Most Important Cyber security Vulnerability Facing IT Managers Today
Cyber security must be an aggressive and evolving practice. Not only is it important to put security in place for current technology that can access electronic information, but also to look forward to future trends and strategies. Methods must also be developed that will continuously protect information regardless of growth and technological advances. As trends change and new technology develops it is the responsibility of businesses to balance cost saving measures with adequate security measures.
Cyber space is any area where data and information are electronically stored or passed through and can be accessed via a variety of networks, programs, and systems. Cyber security is all measures put in place to ensure appropriate use and protection of that information. It is important for organizations to ensure their networks and the components within those networks are secure. Each connection to the internet, and each user of the network, is a vulnerability to that network.
In today’s economy, with corporate scandals, government crackdowns, financial cutbacks, and new implementation of policy, the single most important vulnerability facing IT managers today is the idea of bring your own device (BYOD). BYOD implementation seems like a viable option for various companies, businesses, and educational institutions worldwide. This practice appears to save money for the company. It also increases portability and access for employees. BYOD is a forward-thinking and innovative solution. As these entities grow, their hardware/software needs increase; what better way to eliminate high costs?
BYOD
What is BYOD?
Bring your own device is where users, who may be students or employees, are empowered by their organizations to use their personal cell phones, tablets, and/or laptops for that organization’s tasks.
Who participates in BYOD?
According to a survey performed by Cisco ISBG, see Figure 2, white-collar workers are the majority of BYOD users. The highest percentage of positions using BYOD tends to be IT Staff, Managers (senior and middle), Execs, and Creative/Design Staff. Cost is the driving force in many business decisions, and with BYOD, the cost of upgrading the infrastructure must be weighed against the cost of buying new tech.
The upgrades might be needed to expand current network bandwidth or Wi-Fi to support all the personal devices. Whether the cost savings are significant enough often depends on the type of organization. Another expense attached to the BYOD program, related to expanding the network, is tech support. In an article by Ron Schachter, Osseo Area schools expanded their Wi-Fi network and depended on the students and their families to fix the devices, since most have experience handling technical issues.
The school’s IT department also sends home a standard disclaimer letter noting that the school is not responsible for any broken or stolen student devices (Schachter, 2012).
The Impact of This Vulnerability on Organizations
The Air Force recognizes the vulnerability of outside or personal devices connecting to its networks. In fact, each day when users log on to their computers, they receive a prompt letting them know what is unacceptable to plug into their USB ports. These items include USB drives, cameras, iPods, and thumb drives.
Even with the policy of “do more with less,” the decision to remain secure and protect its network remains important. To make sure BYOD is implemented correctly, setting up security infrastructure is important. It becomes difficult to control and protect the organization’s information when it is accessed through personal devices such as smartphones or tablets. The incorporation of smartphones within an organization’s “toolbox” is a common process. Smartphones have the capability of giving the user access to emails and documents that could contain classified or private information.
The more portable devices there are, the greater the chance of outside individuals accessing that information, which leaves it open to manipulation.
Recommendations
All devices must have security in place and policy to govern how their use for business is conducted. As a minimum, they should have passwords, remote locking, and remote wipe enabled. Although it may seem extreme, when numerous attempts to access the device with the incorrect passcode are made, the stored information is erased. The remote locking and remote wipe features will protect information if the device is lost or stolen.
As a minimum policy, device owners need to know who to contact, what programs or applications on the device will access the organization’s information, the steps for remotely wiping/locking the device, and how to change passwords and how often. Restricting users to one communications carrier and requiring signatures on release/waiver forms will assist in controlling some of the uses. Keeping personal information separate from the organization’s is imperative. The use of BYOD for employees is a double-edged sword.
Yes, they will be able to use their own personal devices and eliminate having to use more than one. However, the organization will have more say in what software can be loaded in order to gain access to the information needed. Review and enforcement of policy and regulations must be consistent and frequent to ensure they are adequately protecting the organization. Once a person is no longer with the organization, or if the device is stolen, a method must be in place to make sure access to proprietary information and any stored organization information are removed.
Some organizations determine that a partial wipe of a BYOD device is inefficient in that it only deletes organizational information. However, if personnel use other applications to record information, for example by taking photos of that information, it can leave the organization vulnerable (Neagle, 2013). In that instance, a partial wipe will not be effective.
Conclusion
The BYOD program is a growing trend; with the appropriate security in place, it can be beneficial for organizations. BYOD is a vulnerability that IT administrators must assess to ensure the security of the network.
Costs of implementing BYOD are usually associated with upgrading the network to support these devices. Policy must be in place to ensure users understand what to do if a breach of information occurs on their device. Disassociating personal information from organizational information is important. Ensuring all users are educated on the policies of the organization, and continually evolving those policies as the work environment changes, will help ensure this vulnerability does not become a threat.