Although BYOD enables real-time mobile communications throughout the organization on nearly every level, it also introduces some very disconcerting security vulnerabilities grouped into two main areas.
Company Information on Private Mobile Devices
BYOD enables personnel to store company information on their own private mobile devices. This aspect of BYOD increases the risk of unauthorized information access and security breach through an increased number of attack vectors because the mobile devices travel with personnel both during work hours and on their personal time. Issues such as up to date security patch installation, Bluetooth services enabled and/or securely configured, WiFi services enabled and/or securely configured, device storage protected over workstation USB connections, and device storage protected from potentially malicious apps are just a few of the many security risks introduced with BYOD.
Company Communications on Private Mobile Devices
The main efficiency introduced by BYOD is anywhere, anytime electronic communications such as text messaging, email, instant messaging and even social media communications leveraging employee’s personal mobile devices. However, as with the storage of company information on personal mobile devices, allowing company communications through these same devices exposes the company to security risks such as the transport of company confidential information over insecure channels like email and instant messaging that both send data via clear text by default, enabling malicious attackers the opportunity for easy MITM (Man in the Middle) and other eavesdropping attacks through network connections.
Contact us to find out how the security controls discussed in the next post can enable your organization to securely and successfully leverage a BYOD program.