sb-nz logo
Story image

BYOD security in remote work era still riddled with issues

10 Jul 2020

Bring your own device (BYOD) programs have existed for years -and with the massive uptake in remote working, it seems that BYOD security is once again in the spotlight.

Bitglass’ 2020 BYOD Report suggests that BYOD and personal device security in organisations still leave much to be desired, even as more organisations adopt flexible BYOD arrangements.

According to the report, 66% of polled respondents say that employees at their organisation are permitted to use personal devices for work, while many other organisations enable BYOD for contractors, partners, and suppliers.

Furthermore, respondents are aware of security risks such as data leakage, which is a top concern for 63% of respondents. Users downloading unsafe apps or content also ranked highly (57%), followed by lost or stolen devices (55%), unauthorised access to data and systems is also a concern (53%), and risk of malware infections (52%).

Other risks include the inability to control endpoint security, the logistics of device management, ensuring software is up to date, and compliance.

Despite being aware of the risks associated with BYOD, organisations are still leaving major gaps in their efforts to secure corporate data.

According to the report, 51% of organisations have no visibility into file sharing apps, 30% have no visibility or control over mobile enterprise messaging tools, and 9% use cloud-based anti-malware solutions.

However, BYOD also presents privacy issues, which may be why security policies are floundering somewhat. 

Organisations need physical access to corporate-owned devices and managed endpoints, but it’s a different story when a BYOD device is owned by an employee.

Respondents say that they need the following things when provisioning a managed mobile device: Physical access (59%), a device PIN (52%), root access (36%), a user’s cloud backup password (21), and other (12%).

Many organisations report they have visibility into the following applications on BYOD: email (74%), calendar (57%), contacts (57%), messaging (50%), file sharing (49%), cloud backup (34%), document editing (31%), virtual desktop (24%), and other (12%).

Bitglass CTO Anurag Kahol explains, “The top two reasons enterprises hesitate to enable BYOD relate to company security and employee privacy. However, the reality is that today’s work environment requires the flexibility and remote access that the use of personal devices enables.”

Kahol suggests that organisations implement comprehensive cloud-based security platforms that secure all interactions between users, devices, apps, and web destinations.

The report suggests that organisations use data loss prevention (DLP) to protect data at rest and in transit, even across personal endpoints. They should also used agentless advanced threat protection to block threats.

Organisations could also consider selective wipes for removing company data from employees’ personal devices without affecting their own personal data.

Story image
Interview: How cyber hygiene supports security culture - ThreatQuotient
We spoke with ThreatQuotient’s APJC regional director Anthony Stitt to dig deeper into cyber hygiene, security culture, threat intelligence, and the tools that support them.More
Story image
Secureworks: Remote working exposes new security vulnerabilities
New vulnerabilities have been exposed as IT teams across the world respond to the ongoing COVID-19 pandemic.More
Story image
The three-pronged security approach that confronts security breaches head-on
Having these three processes working in tandem is key to cushioning the blow of a breach - which, if insufficiently protected, can take on average 279 days to contain and costs an average of almost US$4 million.More
Story image
NZX, Metservice attacks show Kiwi companies must rethink cyber security
The attacks are a wake-up call for New Zealand businesses to step up their threat protection and contingency planning systems.More
Story image
Cybersecurity market continues meteoric ascent
With the increase in cyberattacks, organisations are continuing to spend more money on security. However, without a focused cybersecurity strategy, they often spend it in the wrong areas.More
Story image
New project development inhibited by cybersecurity, Kaspersky research states
"There are still some practical steps that can be taken to make sure that an emerging technology or a product reaches its launch. Cybersecurity doesn’t have to be another corporate barrier, but it should be on an integral part of the project all long."More