Mobile Devices, BYOD, and Security

[Disclaimer – Global Data Vault has no affiliation with MDM vendors, does not endorse, and is not endorsed by MDM/EMM/UEM vendors]

We all know that mobile devices are increasing in popularity. In 2018, a Gartner study indicated over 20 billion mobile devices were connected to the internet globally – roughly three devices per person on the planet. People are often inseparable from their devices, using them for communication, social interaction, alarm clocks, and business. Naturally, employees take the devices with them to their places of employment, forcing employers to enact policies regarding their use, both for security and productivity concerns. Alternately, businesses also recognize potential upsides in allowing employees to use personal phones, tablets, and laptops.

Are personal devices in the workplace bad?

The risk to businesses from the use of smartphones and tablets in the workplace is credible. These risks include, but are not limited to:

  • Apps gathering information or introducing malware
  • Accessing and/or saving sensitive corporate data 
  • Taking pictures of sensitive information or areas
  • Loss of productivity

Mobile security concerns are the most relevant. Recently, Snyk released a report identifying a software development kit (SDK) named Mintegral that was part of over 1200 iPhone and iPad applications downloaded 300 million times per month. The SDK allows the app to gather more personal information than is perhaps necessary and redirect ad traffic, stealing the revenue. It is also smart enough to change its behavior if it is being watched or investigated.

With questions around hugely popular TikTok, it is not surprising that we are now discovering more and more examples of this behavior.

Devices allowed to access corporate networks and resources can introduce malware directly into an environment or provide a backdoor for hackers. They can also hog bandwidth and provide a means for Distributed Denial of Service (DDoS) attacks.

What benefits could BYOD have?

Businesses may allow, or even prefer, the use of personal devices for work for a number of reasons:

  •   Reducing hardware expenses
  •   100% remote
  •   Mobile workforce with fewer devices
  •   Increased productivity

Maintaining hardware for employees who need things such as laptops or company phones and/or tablets can introduce significant expense. Many companies will opt to provide a laptop and some reimbursement for using a personal phone for business use. For some companies, especially those with 100% remote workforces, allowing employees to use what they already have and are comfortable using is just another perk of employment. Carrying multiple phones is also a hassle. And rather than costing productivity, as when office-based employees spend hours on social media, personal devices make employees more likely to work outside of regular hours. It is just too convenient to respond to emails from the comfort of your couch in the evenings.

How do BYOD-friendly companies stay secure?

Many businesses rely on mobile device management (MDM) software for both corporate and personal devices, with security policies for each. The software allows for centralized management and control (to a degree), providing risk reduction while both on- and off-premises.

One great feature is the ability to containerize personal and work data. Should the employee leave the company, change phones, lose a phone, etc., the MDM software can remotely remove and scrub the sensitive data without wiping the entire phone. The device can also be easily registered on corporate networks and secured from network resources appropriately.

According to a July 2019 Gartner Magic Quadrant for Enterprise Mobility Management, VMware, Microsoft, and IBM were at the top of the leaderboard. MDM has evolved through various names, Enterprise Mobility Management (EMM) and Universal Endpoint Management (UEM) being two of them. In 2014, VMware acquired EMM startup AirWatch and has worked to rebrand it as VMware Workstation ONE. Microsoft combines components of Systems Center Configuration Manager and Microsoft Intune in a product named Microsoft Endpoint Manager, and IBM calls theirs IBM Security MaaS360 with Watson.

These products are similar, with supported platforms and operating systems being the largest differentiator, and it seems that Microsoft offers the fewest compatibility options of the three. They all offer SaaS/cloud-based options, and the usual things such as remote wiping, app containerization, and the blocking of copy/paste from email to other applications.

In addition, having security software such as BitLyft in your environment allows for automated monitoring, and incident response should unusual activity occur. You should always maintain proper backups, offsite backups, and disaster recovery practices in the event malware compromises your environment’s resources – no matter the source.
