Where do your employees put your data at risk?
September 30, 2014

Organizations in the public and private sectors have appeared to fully embrace the BYOD revolution, enabling remote work through the use of smartphones, tablets and portable computers among their employees. This has been a highly effective and positive trend for virtually all companies, so long as the word “security” is not mentioned in conversation, as the breadth of threats introduced into the workplace from these programs are immense. 

Now, remember that it would be difficult for a firm to remain relevant and competitive without at least some form of a mobility program in place, as workers need the ability to function wherever they are and at any time given the modern demands of consumers and corporate purchasers. Part of the problem when it comes to access management is that most organizations are relying upon antiquated credential systems rather than dynamic authentication, which puts information and networks at risk. 

The other piece of the puzzle is the lack of clarity and alignment with best practices that is increasingly apparent in BYOD strategies, meaning that employees are not being trained, policies are not being accurately formulated and enforcement is an entirely different can of worms altogether. Before putting a BYOD policy into action, decision-makers should ensure that they are covering every potential problematic area that could lead to access management failure.

And there are a few…
Chris Barraclough, writing for Recombu, recently explained that the behaviors many individuals have when approaching a public Wi-Fi network should be enough to worry everyone from consumers to government officials. Many telecommuters will choose to work from coffee shops, or virtually any location that has a public Wi-Fi network accessible to every patron who walks in the door, and this is generally viewed as normal. 

While what consumers do on their own time can be considered their own responsibility, business leaders need to recognize the inherent threat that is posed in these situations. According to Barraclough, private data and account information will often be exposed when even a somewhat proficient cybercriminal is accessing the same public Wi-Fi network as another individual, meaning that sensitive data can be at risk of theft without any true warning signs. 

He pointed to a test that one security expert conducted in England. 

“Finn Steglich, an IT security consultant, set up a free Wi-Fi hotspot in Canary Wharf and Westminster and monitored traffic as random phone users hooked up to the network on the fly,” the author wrote. “With the hotspot connected to his laptop, Steglich was able to see all of the users’ unencrypted data and was able to nick their usernames and passwords, giving him access to to their private accounts.”

The short and long of it is that decision-makers must recognize the sheer breadth of risky goings-on that are taking place within the purview of their BYOD programs. 

Teach employees well
Rather than simply hoping that staff members understand their responsibilities by way of identity and access management, organizations must take the initiative and clearly educate their employees in the best practices of mobile security and information governance. This way, the chances of a staff member accidentally accessing an insecure network and putting data at risk will at least be partly depleted. 

However, businesses will also need to implement safeguards which protect networks and data even in the event of malicious or errant activities among employees. One of the best ways to achieve stronger control in BYOD is to leverage dynamic authentication solutions that anchor identities directly to a device, streamlining the user experience while decreasing the risk of lost credentials that would be apparent with traditional passwords.