“It’s Just Email”: Misconceptions About BYOD Risks

“Off to the gym after work!” A quote from a celebrity or philosopher. A snapshot of the snow falling outside your office window. These are just some of the things you might post to your Facebook page from your mobile device while you’re at work. Or maybe you send a tweet about the latest celebrity scandal or forward an interesting article to your mom using your work email. On the surface, you might think these posts are completely innocuous. And speaking content-wise, you might be right. An Instagram photo of a snowy scene doesn’t present any inherent risks — unless of course, your company is the intended victim of a targeted attack and a cybercriminal is monitoring your activity, looking for a means to gain access to your company’s network.

The consumerization of IT — allowing employees to use their own devices for work functions — brings with it a host of security concerns that must be addressed. Because, as Trend Micro reports, many employers are shifting to a bring-your-own-device (BYOD) environment in an effort to increase productivity and follow current trends — it’s important for IT departments (and employees) to understand what such a shift means in terms of security and avoid common misconceptions that often lead to security issues.

How Criminals Use Mobile Devices to Access Data

With smartphones and tablets enabled to perform almost any task that a computer can, employees are using their mobile devices to do everything from check email to produce quotes for customers. Mobile devices serve both as on-the-go storage devices, full of contacts and proprietary information, and a means of access to a corporate network.

The simplest way that criminals can access corporate networks and steal data is by getting their hands on the device. Every day, hundreds of mobile devices are lost or stolen. In some cases, the theft is deliberate, but in others, criminals just get lucky. Loss and theft is a definite concern among IT security professionals, but the greater security risk comes from the phone itself. Viruses, malware and madware specifically targeted to mobile devices are becoming increasingly common. Employee devices may become inadvertently infected with this harmful software via a malicious app or by the user opening an email or instant message on their phone. The app works in the background, collecting data such as contact lists, calls made and messages sent, or by monitoring logins to the company network.

When a criminal accesses the company network via a cloud-based service or an employee’s password-protected access, he can then cull information and data from the internal servers and transfer it to an external server — often before anyone notices that there is a problem.

Protecting Devices Requires a Plan

Although many companies mistakenly believe that accessing email — or other company networks — via mobile devices without safeguards isn’t really dangerous, just as many organizations mistakenly believe that protecting their network is difficult or impossible.

Securing your data in the BYOD environment requires a two-pronged approach: a comprehensive mobile-device-management (MDM) protocol coupled with data-protection solutions that limit access to the network without proper authentication and regularly audit the network for unauthorized or unusual access.

As part of the MDM plan, employees need to let go of the notion that they maintain full control of the devices they use for work. The best security plans allow for a certain amount of freedom — obviously, employees will be using their devices for personal reasons — with restrictions and safeguards. Acceptable-use policies, for example, may govern which websites or apps an employee can access with a work device, and remote locking or wiping capabilities will be employed when the device is lost or stolen or after a certain number of failed log-in attempts.

Understanding the realities of the BYOD environment and taking necessary precautions will save businesses time, money and public relations’ nightmares. Employees need to understand that the freedom to use their preferred device comes with some responsibilities and limitations — and that their email (and social media and app use) does make a difference and needs to be protected.

About the Author: Betsy Woodman covers social media, technology and the BYOD revolution for several blogs and websites. Betsy relies on Trend Micro products for all her security needs.