[BreachExchange] 4 BYOD Risks HR Managers Should Know About

Audrey McNeil audrey at riskbasedsecurity.com
Tue Jul 25 19:16:34 EDT 2017


https://blog.hrtechweekly.com/2017/07/24/4-byod-risks-hr-managers-should-know-about/

In today’s employment atmosphere, a growing number of companies are
shifting toward a more flexible workplace. With bring your own device
(BYOD) policies in place, employees are increasingly using their own
devices for business purposes.

Even though such policies can bring numerous benefits to companies, they
come with some inherent risks. The following four issues are worth
examining before deciding on a BYOD policy.

Irregular Updates

Every mobile device is vulnerable to hacks from outside sources. Your
smartphone, tablet and laptop all have similar software that can be hacked
if firewalls and other security features aren’t in place or aren’t updated
regularly.

Busy employees often put off their security updates. Unfortunately, their
phones are then automatically open to potential attacks. In a regular IT
environment, it’s up to the business’s IT department to secure every device
used for company purposes. Since BYOD devices are the employees’ private
property, the employees are responsible for keeping them updated with the
latest versions of security software.

Viruses and Malware

Viruses and malware have numerous pathways that they can take to infect an
employee’s device. The worst thing is that an employee’s device could be
hacked without them even being aware of the situation.

For example, your employees can receive a phishing email with a malicious
link that could install viruses or malware when clicked on. The infection
could then spread onto the company’s server and compromise corporate
information in a matter of seconds.

The phishing email could also look as if it’s from a familiar contact or
even a legitimate website. It could ask your employees to click on a link
in order to log in to their account. The employees would then enter
their user names and passwords on fake websites, giving hackers access to
their sensitive information. Identity theft is always a possibility in
these hacking situations.

Unsecured Connections

Your employees might use their devices to connect to public Wi-Fi to access
necessary data on your company’s server or to go online for personal needs.
Unfortunately, using public networks is dangerous since they allow multiple
people to connect to the same network, and that includes hackers.

Hackers could intercept the data your employees download or upload,
install malware on your staff’s devices and even gain access to their
email. This is another way malware could spread from the infected devices
onto the company’s server and compromise the safety of corporate data.

Your employees need to be aware of these threats and take the appropriate
preventive measures. Instruct your employees to turn off Wi-Fi when they
don’t need it and disable it from automatically connecting to open networks.

You can also set up a virtual private network (VPN) which will allow your
employees to connect to a hotspot without worrying about data breaches.
Connecting to a VPN encrypts and secures any data being sent or received.
This prevents hackers from intercepting sensitive information and
compromising the security of your employees’ devices.

Missing Devices

The best opportunity for stealing corporate data is when a device gets into
the wrong hands. Lost or stolen devices are always a big security issue,
which can lead to leaked proprietary data and vulnerable business positions.

IT professionals need a plan in case this happens. A remote wipe policy is
a very good solution which allows the IT team to completely remove all data
on a device after it’s been reported missing.

Since BYOD devices include an employee’s personal data, you need to make
sure that the employee agrees to a remote wipe of every piece of data even
before they are hired.

Employees should see this step as both a corporate protection policy and an
identity-theft protection policy. To avoid any further information hacks, employees
can also make it more difficult to access the data in the first place. A
fingerprint or PIN passcode frustrates thieves, and they might toss the
device before trying to access the information.

Final Thoughts

These security issues aren’t a reason to forgo a BYOD policy. However,
appropriate security measures are necessary in order for it to be
successful. Begin your BYOD strategy by educating your employees about the
importance of regular updates and how to recognize security threats.

They need to understand that every piece of data is priceless to the
business and their personal life. In reality, many people don’t realize how
valuable their data is to hackers outside of the corporate atmosphere.

Employees also need to agree to corporate statements, liabilities and
compliance measures in order to make this BYOD program a success. At the
very least, add professional indemnity insurance coverage to the company so
that any data leaks are quickly resolved.

Finally, by protecting the data with software and passwords, businesses can
keep their proprietary information private. In the end, the employee’s
device can be as safe as any company-issued electronic device.