Last month, HM Revenue and Customs (HMRC) declared its intention to ignore the government’s advice on BYOD (bring your own device), citing concerns around the security of its employees’ devices.
HMRC’s view is that because it cannot guarantee that its employees’ devices would meet its security criteria, it would rather abstain from BYOD altogether. HMRC is not the first organisation to come to this conclusion, but increasing numbers of organisations are taking a different view.
In a recent study, 91% of IT decision makers said that their company allowed the use of removable storage devices on the corporate network. These devices included USB flash drives (83% permitted their use), smartphones (72%), external hard drives (65%), memory cards (56%), optical media (49%) and tablets (a lowly 6%). Just 9% of IT decision makers reported that their company does not allow any removable storage devices to be used, so it seems that the BYOD trend shows no signs of slowing.
Organisations that keep ahead of threats with best practice will always be better prepared to combat risk, and will be more secure as a result. Here are 5 top tips which security professionals can use as a starting point to better secure the network and company data against the advance of BYOD.
1. Don’t hire a firewall tester
Just assume that attackers will always find a way to ‘get in’. Instead, focus on staff training and education – 75% of organisations have suffered data loss from negligent or malicious insiders.
2. Most employees will log onto the corporate network…
via their personal devices even if they are told they shouldn’t. More than 50% of employees use portable devices to take confidential data out of their companies every day.
3. Employees value convenience more than security
If a security policy is overly cumbersome or inconvenient, staff will find a way around it. Don’t underestimate the ingenuity of employees looking to circumvent procedures that slow them down.
4. Flash drives will be lost and IT will never know about it
In some cases, losing a £5 flash drive can be even worse than losing a laptop. Stolen or lost laptops are reported, whereas £5 flash drives are quietly replaced. Use encrypted flash drives to avoid this problem or just don’t use them at all — right now only 35% of companies enforce data encryption on company-issued devices.
5. The strongest defence against a breach is employees
Providing employees with training on good security practices is the most efficient measure. Everyone should learn how to recognise phishing attacks and fake anti-virus software advertisements — if it looks too good to be true, it really is.