Bring your own device (BYOD), in which people also use their personal devices for work, is a real thing. The risk of such devices being compromised and the data stolen is also a real thing. However, a large majority of people don’t seem to care that much.
According to a survey conducted by Kaspersky Lab, together with B2B International, around half of the consumers surveyed use their devices for work, but only one in ten is concerned about keeping work information safe.
Some 36 per cent of respondents store company files on private devices, and 34 per cent keep work-related email messages.
Sometimes, more confidential information can also be found on users’ devices, such as passwords to corporate email accounts (18 per cent), networks or VPNs (11 per cent). Such information represents a valuable prize for cybercriminals hunting for corporate secrets.
However, BYOD is useful, and Kaspersky Lab’s specialists have several recommendations that should be borne in mind when connecting employees’ personal devices to corporate IT networks:
- BYOD integration should be regarded as a specific project; this is especially true for a large company. Every last detail of the integration process should be designed beforehand, and this should ideally include an infrastructure audit, a design stage and a pilot implementation.
- To effectively protect mobile devices, it is important to use a comprehensive solution that ensures security across the entire corporate network, not one that focuses only on mobile devices. Without this, compatibility problems may arise and create extra work for system administrators.
- Managing mobile devices in a large company requires additional skills over and above those demanded by routine system administration. It is worth ensuring there are appropriately qualified IT security specialists on the team. These can provide centralised management for all mobile devices within the corporate network, ensure that all mobile applications are installed, removed and/or updated via dedicated corporate portals, and regulate data access levels and employee privileges.
- Most importantly, the business needs to develop robust scenarios for how to remove personal devices from the corporate network if they are lost or stolen, or if an employee leaves the company. A procedure should be developed to remove confidential corporate data from these devices and block access to the corporate network.