sb-eu logo
Story image

BYOD security in remote work era still riddled with issues

10 Jul 2020

Bring your own device (BYOD) programs have existed for years -and with the massive uptake in remote working, it seems that BYOD security is once again in the spotlight.

Bitglass’ 2020 BYOD Report suggests that BYOD and personal device security in organisations still leave much to be desired, even as more organisations adopt flexible BYOD arrangements.

According to the report, 66% of polled respondents say that employees at their organisation are permitted to use personal devices for work, while many other organisations enable BYOD for contractors, partners, and suppliers.

Furthermore, respondents are aware of security risks such as data leakage, which is a top concern for 63% of respondents. Users downloading unsafe apps or content also ranked highly (57%), followed by lost or stolen devices (55%), unauthorised access to data and systems is also a concern (53%), and risk of malware infections (52%).

Other risks include the inability to control endpoint security, the logistics of device management, ensuring software is up to date, and compliance.

Despite being aware of the risks associated with BYOD, organisations are still leaving major gaps in their efforts to secure corporate data.

According to the report, 51% of organisations have no visibility into file sharing apps, 30% have no visibility or control over mobile enterprise messaging tools, and 9% use cloud-based anti-malware solutions.

However, BYOD also presents privacy issues, which may be why security policies are floundering somewhat. 

Organisations need physical access to corporate-owned devices and managed endpoints, but it’s a different story when a BYOD device is owned by an employee.

Respondents say that they need the following things when provisioning a managed mobile device: Physical access (59%), a device PIN (52%), root access (36%), a user’s cloud backup password (21), and other (12%).

Many organisations report they have visibility into the following applications on BYOD: email (74%), calendar (57%), contacts (57%), messaging (50%), file sharing (49%), cloud backup (34%), document editing (31%), virtual desktop (24%), and other (12%).

Bitglass CTO Anurag Kahol explains, “The top two reasons enterprises hesitate to enable BYOD relate to company security and employee privacy. However, the reality is that today’s work environment requires the flexibility and remote access that the use of personal devices enables.”

Kahol suggests that organisations implement comprehensive cloud-based security platforms that secure all interactions between users, devices, apps, and web destinations.

The report suggests that organisations use data loss prevention (DLP) to protect data at rest and in transit, even across personal endpoints. They should also used agentless advanced threat protection to block threats.

Organisations could also consider selective wipes for removing company data from employees’ personal devices without affecting their own personal data.

Story image
Machine identities increasingly exploited, new research finds
Venafi, the provider of machine identity management, finds that malware attacks using machine identities doubled from 2018 to 2019, including high-profile campaigns such as: TrickBot, Skidmap, Kerberods and CryptoSink.More
Story image
Why greater network visibility is needed to reduce the threat posed by IoT in the enterprise
At home and abroad, organisations have joined the rush to embrace Internet of Things (IoT) technology, but a new survey shows they’re only just beginning to wake up to the enormous risk those devices pose, writes ExtraHop A/NZ Regional Sales Manager Glen Maloney.More
Story image
Three-in-one cloud security can ease business through difficult times
By leveraging a comprehensive security platform, organisations can block threats and prevent leakage for all interaction between endpoints, devices and apps, writes Bitglass product marketing manager Juan Lugo. More
Story image
10 billion records sit in unsecured databases - China leads the pack
A white hat hacker hacker uncovered a total of 9517 unsecured databases worldwide, collectively containing more than 10 billion entries.More
Story image
Improving network security by ‘deflecting’ cybercriminals
Even with the best perimeter defences in place, malicious actors can still gain access to a network and resources connected to it. But a new technique has made it significantly easier to spot these cyber-attackers.More
Story image
Video: 10 Minute IT JamsAttivo Networks on threat detection using deception
Attivo Networks is a US-based technology vendor in the cybersecurity space. The company focuses on threat detection and deception.More