Home > Blog > 7 musts to implement BYOD successfully
Mobility is essential for a successful company, but the challenge is securing all that data.
A mobile workforce
Today, employee mobility and office BYOD programs are critical for enterprise productivity. Mobile devices add new security challenges, bypassing many of the security controls you have in place. Mobile devices, mobile apps and the networks they use are now essential to satisfy customers, collaborate more effectively with suppliers, and keep employees productive anytime and anywhere.
Unfortunately, increased connectivity often translates to increased security threats. Gartner predicts that by 2018, 25 percent of corporate data traffic will flow directly from mobile devices to the cloud, bypassing traditional enterprise security controls. Hackers are constantly innovating to target your organization and mobile devices have become their path of least resistance. John Michelsen, chief product officer at Zimperium, shares seven musts for any BYOD program to successfully thwart mobile cyber attacks.
1. Understand mobile privacy concerns
Employees don’t expect personal privacy when operating a company-owned computer. Therefore, surveillance-style security solutions meet little resistance from users. But when employees bring their own devices to work, monitoring web searches and email content becomes a major violation of privacy. Enterprises must develop mobile security strategies meeting the staff’s privacy expectations and security requirements set by IT.
2. Recognize EMM solutions are insufficient
Many organizations accept Enterprise Mobility Management (EMM) solutions to protect their mobile ecosystem. While these solutions are great for managing security policy compliance, they cannot detect cyber threats on managed devices.
3. Know the three layers of mobile vulnerability
Desktops and servers are hard enough to protect, but don’t underestimate mobile devices. You need to understand how mobile devices can be used against you for potential attacks:
Devices can be compromised via risky configuration settings or vulnerabilities in the operating system like Stagefright or Trident.
Networks provide easy conduits for attacks since devices autoconnect or users are starved for bandwidth.
Applications with malware installed or have been improperly developed can bypass protection mechanisms and steal sensitive corporate and personal data.
4. Ensure all devices are running the latest software
Outdated mobile operating systems are extremely vulnerable to known exploits that have since been patched. Mobile security company Zimperium indicates 60 percent of mobile devices in a BYOD environment are operating on outdated OS versions.
5. Beware of imposter apps
Zimperium data shows 1 percent of mobile devices are infected with malicious apps. This poses a significant risk for enterprises with thousands of employees. To reduce these risks, companies should limit connectivity of infected devices to corporate resources.
6. Make network threats a priority
While malware apps are definitely an issue, there are even larger threats at play. Zimperium found network threats are 15 times more common than application threats. Educating employees about the dangers of public Wi-Fi is essential to a strong BYOD program.
7. Develop a real-time proactive strategy
Gone are the days of post-attack detection. Enable your IT teams with a method to identify and remediate cyber threats in real-time to eliminate mobile devices from being used against your organization.
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.