It’s a well-known fact that millennials and generation Z are digital natives and are basically always connected to their gadgets. This trend has consequences extending beyond the consumer market, with an effect on the corporate world as this young cohort enters the workforce. One example is more people using their own laptops and mobile phones at the office and for work in general. The consultancy firm Markets & Markets estimates the Bring Your Own Device (BYOD) market will be worth $73.3 billion in 2021.
BYOD has several advantages for companies. IT managers note that employee productivity is on the rise and workers have more flexibility, resulting in better customer service. That said, it also presents various challenges for security that go beyond a company’s physical perimeter. What risks does BYOD entail? What is the best way of dealing with them?
The perimeter includes wherever an employee is located
Companies are exposed to a high number of threats coming from all sides, from dangerous web content to malware that can affect the entire corporate network. Attacks are increasing in frequency, resulting in more attention being paid to cybersecurity. That’s why the firm Cybersecurity Ventures estimates that the total spend on cybersecurity will hit one trillion dollars in the next five years.
However, many of these investments in cybersecurity only protect devices and servers on the corporate network. With BYOD, it’s clear that only protecting the physical perimeter is insufficient. The trend has resulted in personal mobile devices such as smartphones, tablets, and laptops, which are not under direct control of IT managers, being able to access the corporate network from anywhere. This means that the perimeter extends to anywhere employees are located, no matter how far they may be from the office. Thus, it is necessary that protection covers all devices.
The need for a BYOD policy
To prevent security risks and before applying solutions, it is essential for companies, regardless of their size, to establish a BYOD policy with a clear blueprint and adapt it to all platforms so that they are properly prepared. Accordingly, consultant Larry Alton recommends that a BYOD strategy include specific guidelines. Once the criteria for program use are established, IT managers should allow employees to add their personal devices to the network.
However, it does not mean that IT has strict control over employees’ devices. The ideal situation is to strike a balance between keeping a company’s data secure and safeguarding the privacy of employees, who will of course continue using their devices for personal use. Thus excessively strict or invasive policies are counterproductive. Policies should be completely transparent to determine each party’s responsibility.
Monitoring solutions until the endpoint
Given the nature of the security risks of BYOD, organizations should implement solutions that apply a constant real-time monitoring of the corporate network and of all its access points. Generally, security solutions only address servers and work stations within the physical space of the company but, as we mentioned before, with BYOD, simply protecting the physical perimeter is not enough. Therefore, protection should extend to all endpoints and devices.
One example of this type of solution is Panda Adaptive Defense, an endpoint detection and response service capable of accurately classifying any application and blocking advanced threats as well as zero-day and directed attacks that other more traditional solutions are incapable of detecting.
Although BYOD presents new security risks, the opportunities it offers companies and employees far outweigh these risks if the necessary precautions are taken. A prevention strategy based on appropriate policies and on real-time monitoring solutions for all devices is the best way to take advantage of BYOD’s full potential.