Trying to anticipate cyberattacks is a headache for most organizations. Another sore point is the provisioning of employee-owned devices, which puts extra strain on IT.
As a result, personal devices are often overlooked or protection is limited to the secure business applications used on the devices, according to Gaidar Magdanurov, Acronis’ chief success officer.
This means that employees move company data to personal devices and share it through insecure channels such as personal email or file-sharing applications. Or they store information in the device’s memory outside of the secure enterprise application. While this can be convenient for employees, it poses significant security risks for small and medium-sized businesses (SMBs).
The practice of bring your own device (BYOD) at work has long been a slippery slope. These devices move in and out of the protected corporate perimeter and are often connected to unsecured public networks – potentially exposing data to third parties, Magdanurov said.
Devices can be lost or stolen, and without a device management solution, IT has no way to remotely delete data from the device or block it.
“The bottom line is that the moment the data reaches the device owned by an employee, IT loses control of it and can be of little help in protecting the data and the device,” says Magdanurov.
Pros and cons of BYOD
Most small businesses typically rely on employees to use their own devices, as issuing company-owned devices can strain the IT budget. In addition to cost savings, another advantage of BYOD is increased employee productivity. People who use their own devices for both personal reasons and work get more flexibility.
However, while BYOD reduces the workload of buying devices, the IT team or managed service provider (MSP) must insist on software that protects these devices, Magdanurov said. This is because employees have taken advantage of the convenience and sometimes already use multiple devices, which expands the attack surface and creates additional complexity. In addition, as remote work skyrocketed during the pandemic, IT organizations saw their control loosen.
“The expansion of BYOD and the tendency of employees to deactivate security controls on their home networks and on their own devices have dramatically increased the exposure to security threats and increased the burden on IT organizations,” said Magdanurov.
How to seamlessly protect BYOD and protect company data
There are several steps that SMBs can take to protect both employees’ devices and company data. First, analyze how personal devices are used and which applications and data are needed on these devices, says Magdanurov.
“Then introduce a BYOD policy and train staff on the policy. This includes which applications should be used, how the data should be processed, what to do in case of problems with the device and the procedure to be taken if the device is lost and stolen,” he said.
The BYOD policy must include software tools for:
- restricting access to data and preventing data leakage
- monitoring to locate data and provide information on data access models
- detecting suspicious behavior and preventing access to sensitive data in insecure places.
Another important step is regular employee security training on phishing. For example, educate employees about how easily hackers trick people into revealing sensitive information and the need to be vigilant while on the company’s network.
“Many organizations forget about training or do it informally,” says Magdanurov, “but employees are vulnerable to security threats, and untrained employees pose a much greater security risk than BYOD.”
Copyright © 2022 IDG Communications, Inc.