The following article is part of our National Cyber Security Awareness Month (NCSAM) Article Series and focuses on how firms can keep data secure in a BYOD environment. If you missed our first article, “The Top Three Cybersecurity Misconceptions”, it is available in the same series.
How often do firm employees complete work tasks on a personal phone or laptop? The answer might be every day. This is commonly known as BYOD, or Bring Your Own Device. Firms that allow employees to use personal devices for business purposes need to clearly define policies and procedures to reduce security risks. Keeping work data on a personal device creates risk and therefore requires a great deal of device vigilance and proactive security measures.
If a device is lost or stolen, sensitive business information can fall into the wrong hands and company data can be compromised. The following are some tips for strengthening your firm’s mobile security:
Accessing company data on a personal device is made far more secure by enabling two-factor authentication. This requires a user to authenticate with two factors before they can use a device. For example, a user logs into a device with a username and password (or passcode), and after submitting the password is then required to enter a verification code to complete authentication. This code is delivered via text or email to another trusted device in the user’s possession, and it expires after a short period of time to prevent reuse. Biometric technology, such as Windows Hello facial and fingerprint recognition, can also serve as a factor in two-factor authentication. If your device is stolen, accessing its content without authenticating will be extremely difficult.
In the event that an employee or contractor loses their device, firms should proactively use storage encryption technology to mitigate risk. Windows’ BitLocker Drive Encryption is a data protection feature designed to protect user data and prevent tampering. BitLocker provides full disk encryption, aims to prevent unauthorized access by enhancing system protection, and renders data inaccessible on decommissioned computers. Without the device’s key protector, the only way to decrypt the disk is with a recovery key that is backed up to the Microsoft or Active Directory account associated with the device. Additionally, BitLocker can be configured to lock during the startup process until a user provides a PIN or a removable device, such as a USB drive, containing a startup key. Both are further examples of multifactor authentication. The machine will not be able to resume from hibernation until the required authentication factor is supplied by the device owner.
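The startup PIN and recovery-key backup described above, as an added PowerShell example that is not part of the original article. It assumes the built-in BitLocker module on Windows 10/11, a ready TPM, an AD- or Azure AD-joined device, and a policy that permits recovery-key backup; run it from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article): encrypt the OS drive with a TPM + startup
# PIN protector and escrow the recovery password centrally, so a lost laptop stays
# unreadable while IT still holds a recovery path.
param(
    [string]$MountPoint = "C:",
    [ValidateSet("AD", "AAD")][string]$Escrow = "AD"   # where to back up the recovery key
)

# A TPM is required for the TPM+PIN protector used below.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM is not present or not ready; cannot add a TPM+PIN protector."
}

$vol = Get-BitLockerVolume -MountPoint $MountPoint
Write-Host "Before: $($vol.VolumeStatus), protection $($vol.ProtectionStatus)"
if ($vol.ProtectionStatus -ne "Off" -or $vol.VolumeStatus -ne "FullyDecrypted") {
    throw "Volume is already encrypted or protected; review existing protectors first."
}

# 1. Add the recovery password before encryption starts, so the drive is never
#    encrypted without a recovery path. Its ID is needed for the backup step.
$vol = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
$rp  = $vol.KeyProtector | Where-Object KeyProtectorType -eq "RecoveryPassword" |
       Select-Object -First 1

# 2. Escrow the recovery password to the directory; never leave it only on the device.
switch ($Escrow) {
    "AD"  { Backup-BitLockerKeyProtector      -MountPoint $MountPoint -KeyProtectorId $rp.KeyProtectorId }
    "AAD" { BackupToAAD-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $rp.KeyProtectorId }
}

# 3. TPM + pre-boot PIN: the OS volume stays locked at startup (and on resume from
#    hibernation) until the owner types the PIN. Prompting keeps the PIN out of the
#    script and out of shell history.
$pin = Read-Host -Prompt "Enter the new startup PIN (6 or more digits)" -AsSecureString
Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod XtsAes256 `
    -TpmAndPinProtector -Pin $pin -UsedSpaceOnly -SkipHardwareTest

# 4. Verify: expect EncryptionInProgress/FullyEncrypted with both protector types.
Get-BitLockerVolume -MountPoint $MountPoint |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage,
        @{ n = "Protectors"; e = { $_.KeyProtector.KeyProtectorType -join ", " } }
```

The `Backup-BitLockerKeyProtector` call succeeds only when the device is domain-joined and Group Policy allows storing recovery information in AD DS; on an Azure AD-joined device use the `AAD` option instead.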
Firms can install software on personal devices so that, if they are stolen or misplaced, the contents can be wiped remotely. Businesses can also be selective about what data is erased; for example, they may remove only corporate data and leave personal data intact. The device can also be remotely locked, and a password reset can be performed if necessary. One example of such software is the Selective Wipe tool in Windows Enterprise Mobility and Security Suite.
While protecting your device is crucial, it is also imperative that you be aware of your surroundings while using your device to access company resources. As a best practice, you should avoid completing work duties over an unsecured wireless channel. Instead, use a Virtual Private Network (VPN), which encrypts data transmitted between your location and work, making it illegible to outside parties. This can be easily enabled on smartphones and laptops. Essentially, it creates an encrypted tunnel that only authorized users can access, so intercepted traffic cannot be read. The VPN is likely behind a firewall, making interception even more difficult.
POLICIES AND PROCEDURES
It’s crucial for firms to implement a thorough BYOD policy to maintain the confidentiality of data and help protect the company from security threats. Security controls, such as mobile device management (MDM), act as an extension of the organization’s overall breach prevention strategy. MDM enables enterprises to centrally manage policies, apply them from the cloud and protect business data on mobile devices. Not only should the policy be enforced, but firms should also provide employee security awareness training. Training modules will help staff understand BYOD policies and guidelines, as well as the risks associated with BYOD devices.
As you develop your company’s BYOD strategy, be sure to consider the following aspects:
- Mobile Device Management (MDM) Policy
- Acceptable Use Policy
- Supported Devices
- Password Policy
- User Acknowledgement and Agreement
Taking these steps will help to secure and control sensitive corporate data on BYOD devices.