BYOD Rules, Network Security & Your Business

The integration of sophisticated interfaces in modern devices has made it difficult to draw a line between personal and business usage. Nearly a decade back, it was fairly easy to differentiate between data/software/applications targeted or being used at an enterprise level and those at a personal scale.

The data being circulated can be classified as business and non-business. Each has its own specific attributes with respect to sharing and security management. For instance, under no circumstance would you want enterprise data (account information, client details, etc.) to be circulated freely.



The BYOD Conundrum

This is where the concept of Bring Your Own Device (BYOD) comes in. Employees can now use their personal smartphone/device to access corporate data. From a business point of view, this is a security liability. So while BYOD is helping to achieve higher productivity from your workforce, it is also a potential risk.

This is supported by a survey performed in the UK, which revealed that at least 51% of UK-based networks have been compromised by BYOD.

Remedial Measures

The current pace of business doesn’t allow companies to gradually roll out policies for things like data security. You can’t simply stop the growing trend of personal devices within the workplace since it is now an ‘accepted norm’. So, an alternate approach to security measures and a customized ‘acceptable use policy’ need to be considered.

Some additional measures that can be taken include:

  1. Good intrusion detectors should be the first line of defense. Virtual security for data centers will be increasingly important in keeping the transfer of data in check. It is a good deterrent against hackers who try to use apps (installed on the devices) to get into the main servers of the company. It also helps shield servers against vulnerabilities resulting from BYOD security breaches.
  2. Create an access policy framework in which there are specific criteria for authorized users. It means that employees should have a level of access based on their ranking or organizational hierarchy. Your intrusion detector would point out if any unauthorized data access occurs through a BYOD.
  3. Take a precedent from the legal strategies that the U.S. government has laid down for BYOD in the White House. It would serve as an ideal legal template which you can share with your employees. Draft your acceptable use policy within the ambit of federal and state law, and check to make sure it is not infringing on your employees’ common access to information/right to privacy.
  4. An offsite backup system for sensitive data is also a good option, especially for small businesses and accounting firms. Saving backed-up data in the cloud means the process follows some standard protocols. For example, the Service Organization Control type II reporting standard from the American Institute of CPAs specifically directs cloud providers to keep the data owner consistently aware of security and related details.
  5. Generic data and network security is defined by tools such as firewalls, encryption, filters, virus protection and passwords. Make sure that your company is not missing out on any of these just for ‘cost saving’ purposes. A network breach is going to translate into more expenses later. For instance, if your employees are working from a remote site and transferring/using data from the main office, this transmission should be encrypted. Even one loophole is sufficient for hackers to make their way through and into your company’s systems.

One of the major data scoops of this age involving BYOD was that of Snowden, the infamous National Security Agency (NSA) whistleblower. He leaked highly classified data, which he was able to transfer from the NSA database using a simple USB.

If an organization such as the NSA can be compromised, you shouldn’t take the risk of not prioritizing network security.
