Bring Your Own Device (BYOD) is popular in the enterprise world because it gives employees much-needed freedom. With a BYOD policy in place, employees can bring their everyday devices, like mobile phones, to the workplace, connect to the network and do official business wherever they are, as long as they have their mobile device with them. As far as efficiency goes, this is definitely a good thing, but overall it could be the weak link that decides whether an organization is safe or not.
The biggest cause of data loss in organizations is the loss of the physical hardware. An employee’s mobile device that gets left behind by mistake in the back of a taxi or on a bar table poses as much risk as a well-coordinated hack on a company’s core system. If anything, given how much sensitive information we share every time we open the email apps on our smartphones, the loss of such devices could be carefully engineered by malicious third parties who intend to fraudulently gain access to critical information and cause damage to an organization.
Employees bringing their own devices to the workplace may also expose the corporate network to espionage when applications downloaded for personal use are compromised and transmit data to remote servers outside the control of the business network’s system administrators. This happens quite often, as rogue apps keep being unearthed by hawk-eyed researchers. Just the other day, it was discovered that a fake version of the popular messaging application WhatsApp had been uploaded to the Google Android app store bearing the name WhatsApp Inc as the developer. The application’s name, “Update WhatsApp Messenger”, ought to have raised some red flags with the users who downloaded it over a million times before it was eventually taken down, but not many are that keen. It easily passed for the legitimate app and many fell for it.
Fake WhatsApp Update on #GooglePlay. Under the "same" dev name. Incl. a Unicode whitespace. One Million downloads https://t.co/qjqxd6n6HP pic.twitter.com/dmvTksqpuP
— Nikolaos Chrysaidos (@virqdroid) November 3, 2017
According to those who flagged the rogue app and brought it to the attention of the public, it was displaying annoying ads (hence users risked getting adware on their devices). It also, reportedly, downloaded some content to the devices of those who installed it. Imagine, for a moment, that one of those users who installed the WhatsApp clone app was on your corporate network. That would mean that the entire organization had been exposed to unknown scammers who could’ve caused untold damage not just to the organization but to its clients as well. A simple injection of malicious code, like the content the application was able to download, into the network puts every member of the organization who connects to the network at risk. The effects could be widespread, because the level of connectivity in today’s world means that a user in Seattle in the United States is at risk if a colleague on the same corporate network, based in Eldoret, Kenya, happens to use a malicious application on a mobile device that has access to the network.
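The fake listing described above reused the trusted developer name with a Unicode whitespace added, which is something administrators can check for in the list of apps installed on enrolled devices. The Python code below is an added example, not part of the original article: the trusted-publisher list, the inventory records and the device names are constructed, and U+00A0 stands in for the whitespace character, which the tweet does not specify.

```python
import unicodedata

# Assumption: publisher names the organization trusts, spelled as in the article.
TRUSTED_PUBLISHERS = {"WhatsApp Inc"}
# Unicode categories that render as blank or nothing: separators, control, format.
INVISIBLE = {"Zs", "Zl", "Zp", "Cc", "Cf"}

def skeleton(name):
    """Comparison key: NFKC-fold, drop invisible/spacing characters, case-fold."""
    folded = unicodedata.normalize("NFKC", name)
    return "".join(c for c in folded
                   if unicodedata.category(c) not in INVISIBLE).casefold()

TRUSTED_SKELETONS = {skeleton(p) for p in TRUSTED_PUBLISHERS}

def hidden_chars(name):
    """Code points a reviewer cannot see: non-ASCII spacing, control/format
    characters, and plain spaces at either end of the name."""
    found = []
    for i, c in enumerate(name):
        edge_space = c == " " and i in (0, len(name) - 1)
        if (c != " " and unicodedata.category(c) in INVISIBLE) or edge_space:
            found.append(f"U+{ord(c):04X}")
    return found

def classify(publisher):
    """'trusted' on exact match, 'spoof' if only the skeleton matches."""
    if publisher in TRUSTED_PUBLISHERS:
        return "trusted"
    return "spoof" if skeleton(publisher) in TRUSTED_SKELETONS else "unknown"

def audit(inventory):
    """Return one finding per installed app whose publisher imitates a trusted one."""
    return [{"device": r["device"], "app": r["app"],
             "publisher": ascii(r["publisher"]),
             "hidden": hidden_chars(r["publisher"])}
            for r in inventory if classify(r["publisher"]) == "spoof"]

# Constructed inventory, as a device-management export might report it (not real data).
SAMPLE_INVENTORY = [
    {"device": "byod-014", "app": "WhatsApp Messenger", "publisher": "WhatsApp Inc"},
    {"device": "byod-027", "app": "Update WhatsApp Messenger",
     "publisher": "WhatsApp Inc\u00a0"},   # trailing no-break space
    {"device": "byod-031", "app": "Chat Helper", "publisher": "Whats\u200bApp Inc"},
    {"device": "byod-040", "app": "Notes", "publisher": "Example Dev"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(finding)
```

Because the comparison key also drops ordinary spaces and case, names such as "whatsapp inc" are reported as imitations too, which errs on the side of review.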
Most companies have navigated the BYOD issue by taking the CYOD route. CYOD simply stands for Choose Your Own Device. This means that in an organizational setup, employees are not permitted to access the organization’s network using their own personal devices. Instead, the company gives them a list of devices to choose from, which have probably been vetted and approved by the IT department, and then procures them for the staff. While CYOD makes things easier for the system admins, as they are able to issue updates uniformly and remotely manage the usage of the devices (where possible, even limit the type of apps users can install on their devices), it can also be costly to the organization, as it now takes up the role of maintaining a number of mobile devices and their operations for its staff. This can be easy to manage in a small organization but a burdensome and costly task in large organizations.
This is why it may make sense to invest instead in a cybersecurity solution like the one offered by AON, which guarantees not only that someone has an organization’s back in the wake of a breach but also the continuity of business operations.
Like they say, malware is only a click away. The only problem is that you never get to know which link will bring down an entire organization.