The 11-Step Guide to BYOD Security. How to Avoid Getting Fired
First things first: what is BYOD?
In a general sense, BYOD (bring your own device) is the practice of letting people use their own devices for work, whether we are talking about laptops, tablets or smartphones.
A report from Tech Pro Research pointed out that most companies and corporations are already using or are planning to allow BYOD in their organization.
But, as with any new technology and trend, there are positive and negative aspects involved.
It is difficult to tell which of them will prevail in the future. But, for the moment, let’s see what they are.
What are the advantages of BYOD?
- employees can use their devices from anywhere and are more flexible and productive
- “BYOD” represents an economic advantage for small companies that avoid paying for new hardware
- the user is more concerned about securing both his personal and professional information
- personal devices are faster (and better) than the old computers assigned by the IT department
What are the disadvantages of BYOD?
- the IT department distrusts the user’s ability to protect the device
- lack of proper protection, such as security software, puts corporate data at risk
- the employees’ personal devices are exposed to more threats in the wild, such as unprotected Wi-Fi networks and public computers
What needs to be acknowledged is that BYOD is no longer just a buzzword or a trend in the IT environment; it is a reality that affects multiple industries.
But let’s not get ahead of ourselves. A few studies and numbers will provide us with some answers:
- 67 percent of workers already use personal devices in the workplace.
- 50 percent of companies will require employees to provide their own devices for their jobs by the year 2017.
- 69 percent of IT decision makers in the U.S. (and up to 88 percent in some countries) feel BYOD is a good thing for the organization.
- 49 percent of users say they are more productive using their own devices.
Though we may have an increasing number of personal devices employed in the professional sphere, we need to acknowledge that security is each user’s own business and needs to be taken seriously. Follow these 11 security steps to protect your mobile device.
BYOD Security: Avoid Getting Fired in 11 Vital Steps
1. Install a good security product to protect your device
An antivirus product is still a very good choice to protect your system. Don’t forget to check not only other users’ reviews, but independent websites and expert opinions. Check out our take on this and make your own choice.
Are you using a personal smartphone for work? Don’t forget to protect that device too.
Michael Finneran, Principal at dBrn Associates Inc:
Even with the move to BYOD, information security is still a core IT responsibility.
2. Protect your system against advanced cybercriminal weapons
Are you taking your personal system to work? Then you need the best security defenses against cybercriminals.
Don’t forget that you have confidential data on your system, which is very important for your company. And for hackers too.
To have the best protection in the world, make sure to use software that includes:
- a real-time Internet traffic scanner that looks for malicious activity
- a malware removal tool to detect and remove any threat
- an online scanning engine that checks traffic and analyzes the sites you access
Since the attack surface on smartphones is not so easily accessible to hackers, security software should be enough.
3. Keep your software up-to-date
This point applies to every mobile device that you may carry with you to work.
For a Windows operating system, simply use a free tool that automatically updates all your vulnerable applications and installs the latest security patches.
For a smartphone, don’t forget to enable automatic updates for all your apps.
4. Check your programs and applications
Do you know the programs you have installed on your system? Are you sure they don’t access your private data and share it online? Again, remember it’s not just personal information you have there, but highly sensitive data that is targeted by criminals.
To make sure your system is safe, regularly run system scans with the security software from the first two points above.
For your smartphone, use an app reputation scanner to check what you share with others without knowing.
5. Don’t trust yourself, ask the experts
A series of security experts from the IT environment were asked what employees can do to protect their devices. Many of them questioned the employees’ attitude and their critical judgement ability.
You know that most companies employ an IT security team and that is for a very good reason: they (usually) know what they’re doing.
Though it may be a small team that simply maintains a server or just reinstalls Windows from time to time, they know what they’re doing and are ready to assist any colleague with valuable information.
So talk to them, show them your devices and ask for guidance. I assure you they’ll provide some valuable information. Even more, having their approval on your system’s configuration is important and it may save you in the future (if things go wrong).
David Schwartzberg, Senior Security Engineer at Sophos:
Most employees on a network don’t have the security aptitude to make the right choices when it comes to risk minimization with their own devices.
6. Encrypt your files and your online traffic communication
Your laptop now contains sensitive information, maybe financial details and corporate secrets. This is the kind of information hackers usually target, so that they can sell it on to interested parties.
For this reason, encryption methods are essential in our quest for security.
How do I encrypt my entire HD?
The easiest way to do this on a Windows operating system is to use the BitLocker encryption tool, which is already integrated into your operating system.
How do I encrypt my files?
Do you just need to encrypt some important documents and maybe send them over the Internet? Then use 7-Zip, a lightweight solution that can archive and password-protect your files using one of the best compression formats.
How do I encrypt my online traffic?
The easiest way to secure your Internet communication is to use a VPN (Virtual Private Network), which can encrypt your Internet channel and keep your data safe from any interception attempts. A VPN is usually the best way for a remote worker to access the company’s internal database.
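As an added example (not part of the original article): a PowerShell check of the BitLocker state of each volume, plus a wrapper that builds an AES-256 encrypted 7z archive with encrypted file names, for the disk and file encryption described in this step. The function names, the 7-Zip install path and the recovery-password requirement are assumptions; it needs an elevated prompt on a Windows edition that includes the BitLocker PowerShell module.

```powershell
# Added example, not from the original article. Run from an elevated prompt.

function Test-VolumeEncryption {
    # One row per volume BitLocker reports, with a verdict and the reasons.
    Get-BitLockerVolume | ForEach-Object {
        $vol = $_
        $protectors = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $problems = @()
        if ($vol.VolumeStatus -ne 'FullyEncrypted') {
            $problems += "status is $($vol.VolumeStatus) ($($vol.EncryptionPercentage)%)"
        }
        # An encrypted volume with protection off keeps its key in the clear on disk.
        if ($vol.ProtectionStatus -ne 'On') { $problems += 'protection is suspended or off' }
        # Assumed policy: a recovery password must exist so IT can recover the data.
        if ($protectors -notcontains 'RecoveryPassword') { $problems += 'no recovery password protector' }
        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            VolumeType = $vol.VolumeType
            Method     = $vol.EncryptionMethod
            Protectors = $protectors -join ','
            Compliant  = ($problems.Count -eq 0)
            Problems   = $problems -join '; '
        }
    }
}

function New-EncryptedArchive {
    param(
        [Parameter(Mandatory)] [string]   $ArchivePath,
        [Parameter(Mandatory)] [string[]] $InputPath,
        [string] $SevenZip = 'C:\Program Files\7-Zip\7z.exe'  # assumed default install path
    )
    if (-not (Test-Path -LiteralPath $SevenZip)) { throw "7z.exe not found at $SevenZip" }
    # -t7z    : 7z container, which encrypts with AES-256
    # -mhe=on : encrypt the archive headers too, so file names are not readable
    # -p      : no value given, so 7-Zip prompts and the password stays out of shell history
    & $SevenZip a -t7z -mhe=on -p $ArchivePath $InputPath
    if ($LASTEXITCODE -ne 0) { throw "7-Zip failed with exit code $LASTEXITCODE" }
}

Test-VolumeEncryption | Format-Table -AutoSize
# Constructed file names, for illustration only:
# New-EncryptedArchive -ArchivePath .\report.7z -InputPath .\report.docx
```

Share the archive password over a different channel than the one used to send the archive.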
7. Keep your devices free of spyware
Spyware tools monitor your Internet traffic and your computer activity to retrieve private data from your system.
In case of an infection, your system is affected by multiple issues, like system slow-down, browser pop-ups, new toolbars and error messages.
And the problem becomes bigger when such malicious tools target private data, like corporate data. To avoid problems, follow these general guidelines:
- don’t open emails from unknown people and don’t reply to them
- the same is valid for direct messages in social media
- don’t put too much personal data on social media accounts
- don’t download just any free software onto the system
8. Don’t become a victim of online scams
You may have installed the best tools in the world and are now protected from all sorts of online threats and cyber-criminal activities.
But defense tools are nothing without security education and information. It is a good thing to learn how to detect online scams run by hackers.
These types of threats usually arrive through social media platforms, even LinkedIn, and by e-mail. They start with a catchy line and they always target your money.
If your device is used for work too, the phishing e-mails may target more than just personal information.
9. Secure your online activities
How do we know a legitimate website from another one controlled by cyber-criminals? Where do you put your trust?
When using a device that contains private data that may affect a large number of people, you need to pay attention to your steps.
To increase your online security, why don’t you try to answer these 4 simple questions?
- How did you get on that website? Is it really that safe? Why don’t you check what other people say on Trustpilot?
- Is it a legitimate and protected site? Do you see the encryption lock icon? Is it a website that starts with “https://”? If you see that, it means that you are on a website where communication is encrypted.
- Are you using the latest browser version? Does it contain the latest security updates? Did you improve your browser settings?
- Did you install a VPN solution on the laptop to protect your online traffic? If you want extra security, why not use the Tor browser, which hides your browsing activity by routing your traffic through the Tor network of computers?
10. Back up your personal and corporate information
Backup solutions are vital for a BYOD device. It’s not a choice anymore.
Your computer may contain valuable company information, which you don’t want to lose.
What if your system is held captive by ransomware threats that are designed to block your system until a ransom is paid?
And the problem is that you cannot be sure they will provide the decryption key, even if you send the money.
And what if your system’s hard disk crashes after a while?
Not to mention the aggressive malware that not only steals your information, but erases it afterwards.
11. Protect your corporate and personal credentials
Our credentials are important, since they provide access not only to our personal accounts, but to the company’s database and online resources.
How do we keep them safe? How do we improve them?
Increase your system security by following these 5 rules:
- Make sure you have set a strong password for every personal and company account.
- Do not use the same passwords for private and corporate accounts. Even more, follow this simple rule: one account, one password.
- Too many accounts, too many passwords? OK, let’s simplify this: use a good password manager, like LastPass, where you set a strong password to access the manager. Your online passwords are stored there, and even if you change your system and browser, you can install LastPass on the new system and use your passwords. LastPass even helps you set secure credentials for your accounts.
- Don’t let the browser remember the credentials for you. Just don’t.
- Improve your access with two-factor authentication.
But we have said enough words. We should let the numbers speak for themselves.
Check out this useful infographic from readwrite:
Your device is not your own anymore. If you decided to use it for work, security is now mandatory.
Just imagine that your company is affected by another “Sony Pictures hack”. Will you take the blame?
Do you take your device to work? How do you secure it?
This post was originally published by Aurelian Neagu in May 2015.