Do you need a policy at your company?
With cyber threats on the rise and network security an overriding and constant concern of the end user in corporate, healthcare, education and other vertical markets, what’s the risk when employees bring their own devices (BYOD) to your place of business?
BYOD is definitely trending upward. The concept applies to mobility, and the fact that increasingly employees are using mobile devices such as notebooks, tablets and smartphones in businesses of all sizes and many different industries. Research (Companies, Vendors Take Aim at Mobilizing Business Workflows, 451 Research, August 2014) indicates that 62% of U.S. employees use a smartphone to access company applications and services.
This increased reliance on mobile computing may result in higher vulnerability to data breaches, malware and compliance violations, according to a white paper by HID Global, “As Enterprise Mobility Usage Escalates, So Does Security Risk.” It’s a reality that IT and network personnel are trying to circumvent with BYOD policies.
Whether or not you put a policy in place is certainly an individual choice, one that must be decided with IT and network personnel and include an analysis of the business and potential loss that might accompany a cyber-breach. But it’s important to know that BYOD also provides an enhanced user experience for employees and customers, so the cost-benefits of increased enterprise mobility must be weighed carefully.
Finding cyber assistance
Some of the policies that may help shore up BYOD use include two-factor authentication, single sign-on and audit trail software. Two-factor authentication in the security business is often referred to as ‘something you have and something you know.’ Consumers are quite familiar with two-factor authentication as it applies to financial transactions, with a bank card the physical item and the personal identification number (PIN) the data that accompanies the card. With those two elements, it’s more difficult for a breach to occur, because the person would need both the card in their possession and also know the associated PIN for the account.
Single sign-on is a service that permits a user to use one set of login credentials such as name and password, to gain access to multiple applications or software programs in the enterprise. Deployment and management of single sign-on is inherently more secure. Finally, some organizations may use audit-trail software or services to track employees’ access to online or cloud applications as another safeguard to cyber threat.
Deciding on a BYOD policy may come down to the profile of your business, whether you handle sensitive information, and any escalated concern that privileged information may be at risk. Start a discussion at your company and weigh the risks and benefits carefully as society continues to go mobile. For more information on BYOD or an individual consultation, contact APL Access & Security today.