Are We Secure Enough for Mandatory BYOD?
Gartner recently released a study finding that by 2017, BYOD in the workplace is going to be mandatory.
Whether Gartner is correct in its assessment, I do not know. Four years is a long time, and technology changes so fast. Who even knows what we’ll be using for our computing in 2017.
What I do know is that BYOD is growing stronger, and if we do become a BYOD workforce in the coming years, we better start thinking a lot harder about mobile security. I mean, thinking outside the box of what we would normally think about with mobile device security. As a PC World article said, if you are smart with the basic security practices – primarily downloading apps only from trusted sources – you already have a leg up on security.
However, security goes beyond malicious apps and putting good AV software on your device of choice. As we know, the bad guys are getting smarter, so we have to protect against that. The PC World piece stated:
Lookout recently identified the BadNews malware family, which disguised itself as an everyday ad network to sneak 32 apps into Google Play, and then began acting maliciously only after those apps had been downloaded between 2 million and 9 million times. Built-in app store security doesn't protect against trickery like that.
But there is more to security than malware or falling for phishing schemes, which, the PC World article pointed out, is a serious problem for those on iOS platforms. It is also about the physical security of your device. (And based on some of the news stories I’ve seen and personal stories I’ve heard, personal security is also an issue, as thieves have become quite bold about ripping the phone right out of your hand.) How well protected is the device if it is stolen or lost? What is on your phone that could put you or your company at risk and how well is that protected?
The ideal security setup is to password-protect and lock the device, but surveys show that the majority of users aren’t doing that. After that, the device should have remote wipe, but that isn’t a fool-proof security method either. According to computer forensics experts, deleted data lingers in your phone or tablet, just like it does on your computer, and devices to extract that data are cheap and easily available online.
If we are going to be a BYOD workforce in the not-too-distant future, then IT and security departments are going to have to dig in deeper and harder when it comes to security policies. And frankly, in my opinion, if there will be any deterrent to the mandatory BYOD workforce, security might be it.