BYOD: The Nightmare After Christmas
Cybersecurity watchdogs might well fear what employees found under their Christmas trees: new devices to connect to your organization’s network (also known as BYOD, or “bring your own device”).
Millions of people undoubtedly received shiny new mobile devices for Christmas this year. A pre-holiday survey from the Consumer Technology Association found that tablets and smartphones were the second and third most-desired items on consumers’ wish lists. Overall, 65% of Americans—roughly 160 million people—were planning to buy technology gifts this holiday season.
It’s only natural that your employees will want to integrate these new gadgets into their daily lives, and that often means using them for work. What’s a company to do?
To BYOD, or Not to BYOD?
Enter the BYOD conundrum.
BYOD presents one of the biggest risks IT organizations have faced in the past ten years. It’s a trend that is driving control out of the hands of IT and directly into the hands of far less security-competent people.
Smartphones, notebooks, tablets, and other employee-owned mobile devices mean proprietary information is now stored almost everywhere, including the employees’ personal cloud backup services, where it all gets uploaded on a daily basis.
Unfortunately, surveys continue to show that many companies are simply not prepared for what BYOD entails. A survey of 400 IT leaders from the U.S. and U.K. found that 40% admitted they could not effectively manage identities and cloud system access. This, despite the fact that 84% of respondents said they let their employees use personal devices at work.
On the Other Hand
While this is clearly a problem, BYOD also provides a tremendous opportunity for IT departments to forge a proper human endpoint security awareness initiative. In fact, because of the high level of employee motivation associated with protecting their personally owned devices, there is a golden opportunity to introduce a security awareness program. Such a program will ideally not only address material BYOD issues and behaviors, but information security overall (though specific courses tailored to BYOD best practices can’t hurt, either).
Because BYOD represents such a key risk area for IT, it may also be the tipping point for creating a compelling business case for implementing a truly effective security awareness program now, when it is most needed, and while informational assets are most exposed. For once, user motivation is on your side.
The Time is Now
With this state of affairs, you can’t afford to wait. In the meantime, the security gap is wide and growing wider.
But you’re not without help.
The most cost-effective and immediate measure your organization can take to close that gap is to educate your people. To this end, BYOD presents a rare opportunity to engage your employees on security matters that tap their inherent levels of interest and motivation. That, as you know, is more than half the battle—and it’s just been handed to you.
In the process, you’ll gain far more than mobile security awareness. You’ll start to build a security-aware culture that closes the doors on every other information security vulnerability, from phishing to social engineering.