Page 42 - Cyber Warnings
6. Manage the Bring Your Own Devices (BYOD) Dilemma
Bring your own device (BYOD) has become pervasive. Most companies are being pressured by
their executives, in the name of cost reduction and productivity gains, to allow employees to
bring their personally owned devices (laptops, tablets and smartphones) to work. They are
asking for the privilege to VPN into corporate resources from these traveling devices, either
behind the firewall over corporate wifi or over the public internet using 3G/4G or public wifi.
There could not be a riskier thing to do when it comes to corporate security. The main reason
is that the state of these devices is ever changing – applications, emoji keyboards, VPN clients
and even productivity sinkhole games like Pokemon Go have taken over the mindset of
end-users. Most employees have 30-50 unmanaged apps running on these devices, and many are
freeware given away in return for access to their personally identifiable information – phone
identifiers, contacts list, email information, social media passwords, geolocation and much more
– turning these devices into fully loaded creepware and spyware platforms.
Steps involved:
1) Create a ‘living’ BYOD policy and make sure everyone who is allowed to leverage
their own devices agrees to the policy.
2) Train them on the risks inherent in the free apps they already have on their
devices. Explain to them that their Emoji Keyboard is probably a keylogger and it
should be deleted if it didn’t come with the phone from the operating system vendor –
Microsoft, Google, Apple or RIM. The same holds true for all of their other free apps.
It’s time to do a spring cleaning – remove all the unused apps. Evaluate the rest for
their effect on privacy and data leakage risk. What hardware ports do they use? Do
they really need to access Keyboard, Microphone, Webcam, Bluetooth, Wifi, NFC,
3G/4G, GPS, etc.? Does their privacy policy look onerous? If so, convince the
employee to find a safer replacement app.
3) Enforce rules through BYOD agent-based software to prevent Data Leakage. Make
sure these rules protect the corporation and are enforced during working hours,
through geolocation and/or VPN remote access.
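
The app review in step 2 can be run as a repeatable triage over a device's app inventory. The sketch below is an added example, not part of the original article: the inventory records, field names, package names and the 90-day "unused" threshold are constructed assumptions, and only the Android permission strings are real identifiers.

```python
# Added example: triage a BYOD app inventory along the lines of step 2.
# Real Android permission names mapped to the capabilities the checklist asks about.
CAPABILITIES = {
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.CAMERA": "webcam",
    "android.permission.BLUETOOTH": "bluetooth",
    "android.permission.ACCESS_WIFI_STATE": "wifi",
    "android.permission.NFC": "nfc",
    "android.permission.ACCESS_FINE_LOCATION": "gps",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_PHONE_STATE": "phone identifiers",
}
MAX_IDLE_DAYS = 90  # assumption: what counts as "unused" is a policy choice


def triage(app):
    """Return (verdict, reasons) for one inventory record."""
    if app["preinstalled"]:
        return "keep", ["shipped by the operating system vendor"]
    if app["idle_days"] > MAX_IDLE_DAYS:
        return "remove", [f"unused for {app['idle_days']} days"]
    if app["is_keyboard"]:
        return "remove", ["third-party keyboard sees every keystroke"]
    caps = sorted({CAPABILITIES[p] for p in app["permissions"] if p in CAPABILITIES})
    if caps:
        return "review", caps  # ask: does the app really need each of these?
    return "keep", []


def report(inventory):
    """Map each app name to its (verdict, reasons) pair."""
    return {app["name"]: triage(app) for app in inventory}


# Constructed inventory: package names are made up for illustration.
INVENTORY = [
    {"name": "com.example.vendor.keyboard", "preinstalled": True, "is_keyboard": True,
     "idle_days": 0, "permissions": []},
    {"name": "com.example.emoji.keys", "preinstalled": False, "is_keyboard": True,
     "idle_days": 1, "permissions": ["android.permission.READ_CONTACTS"]},
    {"name": "com.example.flashlight", "preinstalled": False, "is_keyboard": False,
     "idle_days": 3, "permissions": ["android.permission.CAMERA",
                                     "android.permission.ACCESS_FINE_LOCATION",
                                     "android.permission.READ_CONTACTS"]},
    {"name": "com.example.oldgame", "preinstalled": False, "is_keyboard": False,
     "idle_days": 200, "permissions": ["android.permission.RECORD_AUDIO"]},
]

if __name__ == "__main__":
    for name, (verdict, reasons) in report(INVENTORY).items():
        print(f"{verdict:7} {name}: {', '.join(reasons)}")
```

Apps that come back as "review" are the ones to walk through with the employee, capability by capability, before deciding on a replacement.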
42 Cyber Warnings E-Magazine – August 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide