Many organizations have accepted bring your own device (BYOD) policies as an inevitable part of modern technology. However, leaders often worry that using personal phones, tablets and laptops to transfer company-related data compromises security.
In a recent Bitglass study, a third of 400 IT experts said they weren’t comfortable with BYOD policies. This is due to shadow IT, data leakage and data access by bad actors. With the General Data Protection Regulation (GDPR) and other privacy movements on the rise, IT leaders want to ensure the security of the organization’s and customer data, especially when it comes to mobile devices.
Personal Devices in the Enterprise
Not long ago, all corporations cringed at the thought of employees working on their own devices. Workers had already been using their own desktops and laptops to access company systems. However, the advent of tablets and smartphones changed the playing field in a number of ways. First, more people wanted to be able to use their own devices to finish their work. Second, the security of these devices was a matter of some question.
The rising trend of nearly universal smartphone usage, emerging internet of things (IoT) technology and wearable devices has graduated from home to the workplace. That means that more employees want to use their own devices for both personal and work use. Many employees feel more productive when using devices they’ve chosen as well as their favorite software and apps. The same Bitglass study shows that this extends to contractors, vendors and clients.
Security Hasn’t Changed Much
Concerns over security on mobile devices are well-founded. At the end of the day, security hasn’t changed all that much. Threat actors use personal email passwords to access corporate and personal data via poorly protected mobile devices. Only half of the companies surveyed required basic mobile security, such as mobile device management tools. In many cases, security teams can’t monitor apps used on personal devices used to access company data.
The Problem with Passwords
Threat actors target mobile devices in search of passwords, which provide the keys to the data kingdom. Most passwords are neither encrypted nor protected when entered on mobile devices. Since most people repeat passwords on their personal and professional devices, threat actors are able to gain unlimited access to company networks via the personal devices of employees.
Many companies don’t want to make hard decisions required to fully protect their networks. These may involve invasive monitoring of any device that connects to the network and the frequent changing of complex passwords, which could go a long way to thwarting hackers. Enterprises that outsource their data storage and access can request free trial on VPN services. This lets them vet out reputable firms to serve as a reliable IT management and security partner.