According to the Identity Theft Resource Center, more than 169 million personal records were exposed as a result of 781 publicized security breaches across the financial, business, education, government and health-care sectors in 2015. As shocking as these numbers are, they may not fully convey the scope of the threat: Any company or consumer that connects to the Internet is at risk of becoming a victim of a cyberattack.
The challenge of protecting networks from these attacks has been exacerbated by the bring-your-own-device phenomenon, which opens the door to new vulnerabilities for many organizations daily. More and more, business is taking place over personal devices as employees work from home or travel. For some staff members, relying on their own laptops, tablets and smartphones is simply a matter of personal preference.
The problem is that personal devices provide an easy entry point for attackers to gain access to valuable information. Most companies struggle to develop device-usage policies as well as protocols and, often with even more difficulty, to implement and monitor regulations around personal devices.
Managing BYOD has added stress to already maxed-out IT departments, which must take care not to infringe on personal privacy at the same time they work to protect networks as more personal devices are connected.
Ninety percent of organizations have no idea what is actually on their network, and knowing this should be the first step in network protection. Segmentation, virtual private networks and software tools are three ways companies can better protect their networks from uncertified devices while still supporting the flexibility and convenience that the mobile workforce provides. Let’s take a deeper look at each of these.
An array of diverse information crosses networks every day. A critical line of defense all IT departments should use to protect networks from BYOD vulnerabilities is proper segmentation. This method separates highly sensitive account information from less-critical data such as marketing documents.
Before segmenting networks, the IT department must fully understand how information flows in and out of the organization. It must also determine which data is critical to daily operations and develop a plan to protect it. Customer-account and personnel information should have extra protection.
Another segmenting strategy is to determine which employees need access to what information. Lenders and marketers have different access requirements. Networks should be segmented according to job function and leave little room for flexibility.
The main component in effective network segmentation is constant monitoring. As business needs change, making sure access is granted without compromising the overall segmentation plan is crucial. Continuous monitoring takes additional work for IT departments, which is why it often falls off the radar. Segmentation is not meant to be set up and forgotten; it requires vigilance and updating.
If an employee needs access to multiple areas of a network, building a firewall will help control incoming and outgoing network traffic on the basis of a set of rules. IT departments can develop those rules and segment networks per user to give employees access to the information they need to perform specific job functions.
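The segmentation approach described above, as an added example that is not part of the original article: a small Python model in which each job function is granted only the segments it needs, per-user firewall rules are rendered from that plan, and observed traffic is audited against the plan so that drift shows up instead of going unnoticed. The segment ranges, roles, users and flow records are constructed sample data, and the rule strings are illustrative rather than a vendor's syntax.

```python
"""Role-based network segmentation policy check (added example, constructed data)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample segments: sensitive data sits apart from less-critical data.
SEGMENTS = {
    "customer-accounts": ip_network("10.10.0.0/24"),   # highly sensitive
    "personnel":         ip_network("10.20.0.0/24"),   # HR records
    "marketing":         ip_network("10.30.0.0/24"),   # less critical
}

# Job function -> segments that function legitimately needs (least privilege).
ROLE_ACCESS = {
    "lender":   {"customer-accounts"},
    "marketer": {"marketing"},
    "hr":       {"personnel"},
}

@dataclass
class User:
    name: str
    role: str
    source_ip: str   # address the user's personal device holds on the BYOD network

def allowed(user: User, dest_ip: str) -> bool:
    """Policy decision: may this user's job function reach dest_ip at all?"""
    dest = ip_address(dest_ip)
    return any(dest in SEGMENTS[seg] for seg in ROLE_ACCESS.get(user.role, set()))

def firewall_rules(user: User) -> list[str]:
    """Render per-user rules (illustrative nftables-like strings, not real config):
    explicit accepts for permitted segments, then a default drop for that source."""
    rules = [f"ip saddr {user.source_ip} ip daddr {SEGMENTS[seg]} accept"
             for seg in sorted(ROLE_ACCESS.get(user.role, set()))]
    rules.append(f"ip saddr {user.source_ip} drop")
    return rules

def audit_flows(users: list[User], observed_flows: list[tuple[str, str]]) -> list[str]:
    """Monitoring step: compare observed (src, dst) flows against the plan and
    report every flow the segmentation policy does not explain."""
    by_ip = {u.source_ip: u for u in users}
    findings = []
    for src, dst in observed_flows:
        user = by_ip.get(src)
        if user is None:
            findings.append(f"{src} -> {dst}: unknown device on network")
        elif not allowed(user, dst):
            findings.append(f"{src} -> {dst}: {user.name} ({user.role}) outside plan")
    return findings

# Constructed sample users and a constructed flow log.
USERS = [
    User("alice", "lender", "172.16.1.10"),
    User("bob", "marketer", "172.16.1.11"),
]
FLOWS = [
    ("172.16.1.10", "10.10.0.5"),   # lender reading customer accounts: expected
    ("172.16.1.11", "10.10.0.5"),   # marketer reaching customer accounts: flagged
    ("172.16.2.99", "10.20.0.7"),   # device nobody inventoried: flagged
]

if __name__ == "__main__":
    for u in USERS:
        print("\n".join(firewall_rules(u)))
    for finding in audit_flows(USERS, FLOWS):
        print("FINDING:", finding)
```

The audit function is the part that implements the "constant monitoring" point: the plan on its own does nothing once access paths change, so it is re-evaluated against real flows and every unexplained path, including traffic from devices that were never inventoried, becomes a finding for the IT team to act on.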
Virtual Private Networks (VPNs)
Employees in a mobile workforce often conduct business from hotel rooms and coffee shops as well as on trains commuting to the office. If an employee on a business trip is connecting to the office network through hotel Wi-Fi shared by all guests, anyone who is on the hotel network and wants to gain access to the device could potentially do so.
It’s difficult to manage devices and protect networks while allowing business to continue outside the office walls. Many organizations have found it beneficial to implement a virtual private network (VPN) to add security and privacy when using public networks. The Internet becomes the medium for transporting data over a secure, encrypted private network, allowing only authorized users to access that network.
When connecting to a VPN, a login with personalized credentials is required. The computer exchanges trusted keys with a remote server to perform authentication and then establishes an encrypted session, securing the information in transit.
Many VPN options are on the market, each offering different features and connectivity agreements. And, of course, they vary greatly in cost. Implementing a VPN requires some initial research to determine a balance of features from connectivity protocols and price to server location. IT departments must do a full analysis of how employees will be connecting to the network before selecting a virtual private network to manage BYOD.
Another way IT departments can tackle the challenges associated with BYOD is through mobile-device-management (MDM) software designed specifically to monitor devices. MDM software ensures that employees are making proper security updates to their devices and meeting protocols for each business setting. IT departments use this software to monitor, manage and secure employee mobile devices.
Many MDM software options are on the market. The level of granularity required by an organization has the biggest impact on which product is right. One important feature to look for in MDM software is enforcement of an approved-application list, together with enforced full-device encryption and password protection on every managed device.
Once they’ve selected management software, IT managers can build profiles on the basis of job function using the software. If, for example, only a handful of employees require access to financial information, predetermined profiles can help regulate accessibility to this data.
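The profile-based approach described in the MDM paragraphs above, as an added example that is not part of the original article or any vendor's product: a Python compliance check in which each job function maps to a profile that requires full-device encryption, a passcode, a minimum OS version and only approved applications, and each enrolled device's reported posture is evaluated against its profile before access is granted. The profiles, owner-to-profile assignments and device posture records are constructed sample data.

```python
"""MDM-style device compliance evaluation (added example, constructed data)."""
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Profile:
    name: str
    approved_apps: frozenset[str]
    require_encryption: bool = True
    require_passcode: bool = True
    min_os: tuple[int, int] = (0, 0)      # minimum (major, minor) OS version

@dataclass
class DevicePosture:
    """What an enrolled device reports back to the management software."""
    device_id: str
    owner: str
    encrypted: bool
    passcode_set: bool
    os_version: tuple[int, int]
    installed_apps: set[str] = field(default_factory=set)

def evaluate(device: DevicePosture, profile: Profile) -> list[str]:
    """Return the list of compliance failures; an empty list means compliant."""
    failures = []
    if profile.require_encryption and not device.encrypted:
        failures.append("full-device encryption disabled")
    if profile.require_passcode and not device.passcode_set:
        failures.append("no passcode set")
    if device.os_version < profile.min_os:
        failures.append(f"OS {device.os_version} below required {profile.min_os}")
    unapproved = sorted(device.installed_apps - profile.approved_apps)
    if unapproved:
        failures.append("unapproved apps: " + ", ".join(unapproved))
    return failures

def compliance_report(devices, profiles, owner_profile) -> dict[str, dict]:
    """Resolve each device to its owner's job-function profile and decide access.
    Devices with any failure are denied until IT or the owner remediates."""
    report = {}
    for d in devices:
        profile = profiles[owner_profile[d.owner]]
        failures = evaluate(d, profile)
        report[d.device_id] = {
            "profile": profile.name,
            "allowed": not failures,
            "failures": failures,
        }
    return report

# Constructed sample profiles: only the finance profile unlocks financial data.
PROFILES = {
    "finance":   Profile("finance", frozenset({"mail", "ledger", "vpn"}), min_os=(14, 0)),
    "marketing": Profile("marketing", frozenset({"mail", "vpn", "social"})),
}
OWNER_PROFILE = {"alice": "finance", "bob": "marketing", "carol": "finance"}

# Constructed posture reports from three personal devices.
DEVICES = [
    DevicePosture("d-001", "alice", True, True, (14, 2), {"mail", "ledger", "vpn"}),
    DevicePosture("d-002", "bob", False, True, (13, 1), {"mail", "social"}),
    DevicePosture("d-003", "carol", True, True, (13, 5), {"mail", "ledger", "vpn", "game"}),
]

if __name__ == "__main__":
    for device_id, result in compliance_report(DEVICES, PROFILES, OWNER_PROFILE).items():
        status = "ALLOW" if result["allowed"] else "DENY "
        print(status, device_id, result["profile"], "; ".join(result["failures"]))
```

Keeping the decision per profile rather than per device is what lets a handful of finance users carry a stricter baseline (here, a newer minimum OS) without the IT team hand-configuring each phone, which is the point the paragraph above makes about predetermined profiles.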
The benefit of MDM software is that it can run across many different operating systems and wireless carriers, reducing the time IT staff spends determining how to manage numerous devices. Pricing and features of MDM solutions vary greatly, so organizations should do their homework before signing on with a particular provider.
Companies can take as many precautions as possible using IT BYOD protocols, but ultimately, human beings are attached to those devices. Continuous employee education is an important part of protecting networks from BYOD vulnerabilities. Walking employees through what it would look like if the company suffered a data breach, and offering a brief demonstration of how external devices become easy entry points, will give employees some cybersecurity context.
Providing basic tips about the dangers of opening malicious links in emails and text messages will help educate employees on what to look for and how hackers can easily gain access to company networks. Remember, high-level executives and IT departments are not exempt from cybersecurity education. In fact, because they often have more access to sensitive materials, they are the perfect targets for someone wanting to do damage.
Although the ability to work from any device anywhere adds flexibility and accessibility for employees, the security considerations of BYOD are complicated and often difficult for IT staff to manage. Advances in how business is conducted will continue to present new security threats, and IT departments will continue to be tasked with keeping up with changing technology and business protocol, all while keeping data secure. The best way to manage devices is to monitor and know what’s on your network.
About the Author
Adam Roth is a cybersecurity specialist with Dynamic Solutions International, a Denver-based data storage company specializing in providing complete storage solutions to highly regulated environments.