The Lack of BYOD Security Policies: What's Happening and What Businesses Can Do
BYOD isn't a new concept, so why do so many enterprise wireless networks lack the necessary security policies to safely support it?
A recent survey conducted by Champion Solutions Group, found that out of 447 businesses that both varied in size and vertical market, over one-half of them didn't have a formal BYOD policy and over a quarter admitted they do not have a proper security approach to supporting BYOD.
This is rather concerning considering it's expected that one out of every two businesses will not be able to provide devices to their employees by 2017.
With security being a main concern for almost every individual relating to anything wireless today, these results are surprising.
There is no doubt that BYOD and the use of personal devices has increased productivity of employees. There are varying applications, services, and resources that mobile devices allow workers to use to help them with their jobs on a regular basis.
According to HP, 97% of devices contained privacy issues and 75% of devices lacked proper data encryption. This puts businesses at great risk if they're not implementing the proper BYOD policies.
The Champion survey revealed only 21% of businesses are using multifactor authentication (MFA) to verify identity when giving permission to access sensitive data and applications within a business.
MFA allows varying techniques to require at least two methods of authentication with independent areas of credentials. Applications such as Facebook and even Gmail offer two step verification processes to help ensure security of your account.
This may be sending a code to your smartphone via text or email to unlock access or specialized one-time passwords for each application.
The use of temporary one-time passwords also helps with the threat of keyboard logging, where hackers track log-in credentials to gain access.
While the use of biometric authorization (fingerprints and iris scanning) has not become a mainstream practice, it is undoubtedly going to increase in popularity.
The survey also found almost a quarter of businesses do not lock out users after repeated failed sign in attempts.
This lack of security in itself is rather risky, allowing for large scale attacks. Even worse, almost one-third of businesses do not require alphanumeric passwords, which is a basic measure to help with security risks.
We always recommend role-based access control when it comes to securely supporting BYOD. Role-based access control allows you to control access to your network by creating rules based on who, what, where and when.
Every industry possesses sensitive data, some more sensitive than others, but whether you’re in education protecting student records including financial, health, and other sensitive data, or you’re a hospital keeping patient records confidential and in the hands of specified employees, the importance of security is unmatched.
With the increase in BYOD across the board, security mistakes and mishaps are inevitable, however, with the right technology tools and data security strategies in place you can ensure you're ready for anything that comes your way.
If you have any questions about supporting BYOD please contact us here, we'd love to see how we can help.