Page 28 - CDM-Cyber-Warnings-January-2014
P. 28
Six Perils of BYOD Data Security Exploitation by Vinod Mohan, SolarWinds Bring Your Own Device (BYOD) is not a new story in today’s IT world, and all organizations— across all sectors and geographies—are feeling its effects, ranging from severe financial and reputational losses to smaller incidents of security breaches and policy violations. However, this doesn’t make BYOD an insurmountable threat, and there is no need to block all employee- owned devices from corporate networks. On the contrary, these harsh regulations would rob companies of all the benefits and flexibility that BYOD brings to the business, such as improved employee productivity and satisfaction, on-the-fly data access, and cost savings. However, BYOD is getting more difficult to manage due to both the increasing number of employees favoring it and the induction of newer types of devices supporting the technology. By now it’s clear there is no stopping BYOD, so the only possible solution is to deal with it. But dealing with BYOD poses a great challenge for the IT security teams at organizations as they have to assess the various threats associated with it while also implementing proper security measures and policies to prevent security lapses and mishaps. To help IT pros understand this new threat landscape, outlined below are six critical, attention-seeking data security risks posed by BYOD. 1. Dicey Network Access One of the foremost challenges associated with BYOD is controlling network access on employee devices. Most organizations have a Wi-Fi password that employees are aware of, and this allows employees to gain direct access. An employee can just connect his personal laptop, tablet or smart phone to the corporate network and download malware from the internet on his personal device. However, if the device is not equipped with the required level of malware protection, it can be potentially dangerous to network security. Also, if the Wi-Fi password is exposed or leaked, any unauthorized outsider crossing over the organization’s Wi-Fi space can gain immediate network access and pose security risks. 2. Plain Sailing with Data Theft Once company data is on an employee’s handheld device, it can just walk out of the door unnoticed. Once it’s outside the company premises, it’s not within reach of the IT security teams and can be leaked or stolen anytime and anywhere by gaining direct access to the device, or by exploiting any end-point application vulnerability or encryption channels. Additionally, almost all handheld devices are also mass storage devices that allow connectivity to enterprise servers and workstations via USB cables. For IT pros who monitor all device connections on the network to detect data mobility and backup, this introduction of mass amounts of data via BYOD poses a major challenge. 3. Gateway for Rogue Devices As employee devices are not equipped with enterprise-level IT security measures, it’s highly likely that they can be easily compromised by cyber criminals. When introduced on the network a rogue device, in the guise of a legitimate employee-owned device, can wreak major network havoc and + % %! ! & , ! . !( %+ ' "! "#+% ' - + % !& , ! % '& % & %) *"% *
