Risk Management

How to Manage Personal Device Risk

Domingo Guerra
December 1, 2017 | November 10, 2017
byod risk management Technology

In the decade since the iPhone was released in 2007, mobile device adoption has exploded in the workplace. Bring your own device (BYOD) policies are proliferating at a faster rate than the use of corporate-owned devices. Many security teams have moved to control corporate-owned devices with enterprise mobility management programs, and some go as far as actually securing these devices with mobile threat defense solutions. For the most part, however, employees’ personal devices are left unprotected.

Some believe that it is the employee’s responsibility—that IT only needs to care about protecting corporate assets and corporate data. But there is now sufficient evidence that BYOD not only brings huge cybersecurity risks to the enterprise, but even poses a major national security concern.

In October, Politico broke the news that White House Chief of Staff John Kelly’s personal device was compromised as far back as 2016. Kelly reported that his phone stopped working properly in December, after he entered the transition office space, yet he kept using his device until he turned it in to the White House IT team in August. During that time Kelly also served as secretary of Homeland Security.

Officials are scrambling to determine how Kelly’s device was compromised—whether it was signed onto an insecure wireless network, whether a malicious actor or foreign government had physical access to the device, or whether a remote exploit was leveraged. The White House is also exploring new rules for personal devices, including banning them from the president’s residence and the West Wing. But at present, no rules have been implemented and many aides continue to use personal phones in the workplace.

The National Security Agency warned White House staffers during the transition to avoid using personal devices and email. With multiple cameras and microphones that can easily be controlled remotely, smartphones make the perfect spy tool. If attackers gain control over a mobile device, they can monitor a user’s every move, read all communication, including text messages and emails, access the address book and calendar, and record videos or pictures.

Reports also emerged in October that Russia is hacking into the personal devices of NATO soldiers who are stationed near the Russian border. The hackers are not only compromising these personal devices, but also the soldiers’ online accounts like Facebook and iCloud. The malicious actors are reportedly using highly sophisticated tools, including special antennas and drones specifically equipped to compromise phones.

Addressing the BYOD Threat

By now, we should all know that personal mobile devices are being used at work. These devices often access corporate email, documents and Wi-Fi networks. That should be reason enough to manage and protect these devices with enterprise mobility management and mobile threat defense solutions. Even in environments where users are given a corporate device but are allowed to have personal devices on their person, the recent news confirms that BYOD risk is a real concern in any workplace. Even if it does not have direct access to corporate data, a compromised personal device could easily record sights and sounds, enabling attackers to access private or privileged content and conversations.

In order to combat this threat, IT and security teams first need to acknowledge that mobile devices present a huge cybersecurity threat to their organizations. All mobile devices, whether BYOD or corporate-owned, need to be managed and protected.

Some worry about the privacy implications of managing a personal device, but most enterprise mobility management products have “privacy modes” that enable IT to secure the devices without “spying” on users. Further, employees are hungry for mobile security solutions to protect their own data and privacy.

That means user education is crucial. Unless the human element is addressed and user behavior changes for the better, users will make the same security mistakes over and over. Users do not download risky or malicious apps or connect to risky Wi-Fi on purpose. They do so because, without being armed with the right security solutions, they do not know any better. The good news is that, unlike with other enterprise security concerns, mobility creates an opportunity for IT and security teams to make it personal. If you ask an employee to help protect the company network, they may not be interested, viewing that as an IT concern. If, however, you communicate that mobile security is a benefit the company is providing that allows employees to better protect their personal data and mobile devices, adoption may increase exponentially.

Plus, by providing real-time user education on mobile risks and how to remediate them, users learn to safeguard their data and privacy and, in turn, improve the enterprise’s security profile at the same time. Minimizing the number of threats and stopping them before they get into the enterprise environment is the best way to manage security at the perimeter. By simultaneously running automated detection and remediation mechanisms for cases when employees do not auto-remediate in a timely fashion, IT and security teams will be able to thwart mobile attacks.
