Page 34 - Cyber Warnings







The Balancing Act of BYOD - Keeping Employees Happy and Secure on Any Device


Corporate cybersecurity leaders are forced to interact with the biggest threat to their mission
every day: their fellow employees. It’s not that these individuals are trying to undermine the
best-laid plans of the CIO or CISO, but that they often represent the easiest path for a hacker to
infiltrate the network. Yet, in dealing with the human element from a security perspective, IT
leaders also have to manage employees’ desire to work the way they want to work, on the
devices they want to use.

The Bring Your Own Device (BYOD) trend has taken strong root in enterprises and small to
medium businesses, with recent surveys by Tech Pro Research showing that 72% of
organizations either permitted BYOD or were planning to do so. BYOD can make a lot of sense
from the perspectives of cost and culture, but it only takes one wrong click, one “found” USB
drive plugged in, or one enabled macro to start a very bad day in the IT department. For
companies that are permitting, requiring or evaluating BYOD, here are three thoughts on
balancing security, productivity, and convenience.


Build It Right

BYOD brings with it the end of total endpoint control. While IT departments may be able to
mandate the use of certain applications and tools in order to access the network or certain files,
the computer or mobile device is no longer theirs alone to administer and maintain.

Therefore, security leaders need to maintain focus on what is still in their control: the network
architecture. By layering different technologies and segmenting information into different zones,
companies not only prevent threats from entering the network, but also keep breaches isolated
and away from the most sensitive zones. Keeping the applications and users that enter the
network on a BYOD device in as few zones as possible creates a safer overall network. Many
of the usual security solutions should be in place, such as firewalls, anti-spam, and anti-virus, but
with the constantly evolving matrix of threats, it is vital to maintain a dynamic, policy-driven
architecture to stay one step ahead.


Address the Human Side of Security

Since the IT department is no longer the sole administrator of devices, it becomes critical to get
new team members up to speed. For example, the fundamental tasks of keeping applications
and OSs updated are mostly in the hands of the user, so they need to be educated on why, how
and when to update their devices so that vulnerabilities are removed and new features are
added. Creating better behaviors with the primary devices can also carry over to secondary
devices that may exist outside of the company’s knowledge.




34 Cyber Warnings E-Magazine – July 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
