BYOD (Bring Your Own Device)

There's More to IT Security Than a Cyber-Attack

At the beginning of May, the National Crime Agency released its ‘National Strategic Assessment of Serious and Organised Crime 2014’ report. The report showed just how much danger UK businesses are facing from third party cyber-security attacks. It’s clear that the external threats posed by the likes of hacking and viruses are a real issue for businesses, but what the report doesn’t consider is the numerous internal threats that can have an equally potent effect on an organisation.

It’s crucial to acknowledge that employees can put businesses at risk through the way they use and interact with smartphones and tablets. Whether it’s a personally or corporately owned device, employees can download apps, open emails and receive text messages – all of which can open the device up to the kind of external threats mentioned within the report. The danger is magnified by the fact that work-enabled devices have access to as much sensitive corporate data as a desktop PC, the loss of which can lead to financial and reputational consequences.

This is amplified exponentially when a business runs a BYOD policy. As soon as a personal device is corporately enabled, the IT department relinquishes total control and governance of that device. It immediately becomes harder to ensure applications are patched regularly, or that devices aren’t used on public wireless networks, especially when the operating system and type of hardware varies from user to user. And if the employee is taking a phone on a night out to a bar or a restaurant, they are more likely to leave it behind or have it stolen than if it was resting in a laptop bag at home.

The fact is, work devices are a portal to company data and the more people treat them like personal phones, the more at risk a company is.

So who is responsible for preventing these internal risks? We recently conducted research which highlighted that an overwhelming 23% of employees don’t believe that the security of their company’s data is their responsibility. Even more worrying is that only 63% said that there is a formal procedure in place when a device is lost, with a further 30% claiming there are no personal penalties for losing a work device.

So what can be done? Businesses can take responsibility by using careful, intelligent methods to let employees use whatever device is convenient to access business data. It’s possible with more sophisticated solutions to take a granular approach to target the interaction and data being shared, whatever the device.

Increasingly, this preferable alternative lets the employee make the most of their corporate device while mitigating against much of the potential risk for the business. And, when it comes to native apps like email, this approach really is the only feasible solution. The fact is employees’ use of apps and the efficiency gains from working in new ways represent such a leap forward in productivity that they are worth embracing.

Successful security policies that counteract internal threats to an organisation need to offer a holistic approach, encompassing all potential security risks. These measures have to be able to respond to the threat that each device and end-user presents, and be able to act as soon as a device becomes a security risk. Whether this is through unauthorised applications or device usage, data security threats don’t just stop at cyber-security hacking risks.

However, the challenge for businesses is to also give employees the freedom to use their own devices, but without compromising security and productivity. With every corporate device acting as a potential gateway into a business’ infrastructure, cyber security provisions must extend beyond the firewall.


Stephen Midgley is Vice President of Global Marketing at Absolute Software


« NSA Fallout Continues, Threatening US Tech Leadership


Rant: Dumb Smartwatches Say A Lot »
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail


Do you think your smartphone is making you a workaholic?