A few years ago, the only thing we worried about when we lost a phone was the list of contacts lost along with it. And once we filled up our new phonebook, life went back to normal. But that was a few years ago.
With more and more people now using one device for both their personal and professional lives, we have passed the Bring Your Own Device (BYOD) phase, where employees use and bring personal devices into the workplace, and stumbled into a Bring Your Own Security or BYOS phase, especially as we carry around company data, emails and possibly sensitive information. If we lose our devices, family photos and friend’s contact details will be the least of our worries.
It is important for organisations to provide cybersecurity training to all BYOD employees
A joint survey on mobile workstyles in the UAE by Citrix and YouGov released earlier this year highlights the alarmingly low number of one in ten companies actively offering a BYOD policy in the workplace. However, 54 per cent of the full and part-time employees surveyed were free to bring their own devices into the workplace. In half of these cases, IT support was reserved for company-issued devices only.
“In today’s world, we carry a lot of information on our phones and most of us, if not all, have smartphones synchronised with office email as well,” says Aji Joseph, General Manager of ESET Middle East, an IT security company. “There is sensitive data on our phones. The phone could cost around Dh2,000, but the information on it probably costs a lot more.”
As far as securing employees’ devices goes, Vittorio Viarengo, Vice-President Marketing End-User Computing, VMware, says, “In some companies it has become a recruiting problem because you have the younger generation of workers coming into the enterprise and they prefer using their Macs and their tablets. Also, executives are now coming in with their iPads, so everybody talks about it. Now the industry is moving from talking and panicking to doing something about it.”
Viarengo says VMware offers several solutions that are preconfigured on employees’ devices directly by the company IT department. “Once the client is configured by IT, they can design it so that people cannot use USB ports, cannot print, etc., so data never leaves the company. We can also wrap security around individual
applications. For example, you can set up an individual pin on the application itself. And if I lose the device, IT can wipe the phone. It’s a great security model for BYOD.”
If it does come down to securing your own device, there are several free smartphone and tablet applications offering basic security options. You will have to pull out your credit card for something more comprehensive.
ESET Mobile Security, a free and stand alone application available in the Google Play app store, protects your smartphone or tablet from any form of attack with a few impressive features. Besides a basic antivirus, the full version of the software also features GPS localisation, remote lock and, as a last resort, a remote wipe feature.
The last and most interesting feature is SIM matching, where the device will automatically send a mail or message with the new SIM card’s number to a predefined address. “You then walk into a du or Etisalat store,” says Joseph, “run the SIM number and get the person’s number, name and all the details associated with the SIM card.”
Similar to ESET’s security offering, Android users can also use the Norton Antivirus and Security application. iOS and BlackBerry users can also protect their data with applications such as McAfee WaveSecure and Kaspersky Mobile Security respectively.
Miroslav Mikus, Channel Sales Manager EMEA, ESET, says the company has seen a very high interest, especially on Google Play. “People are starting to understand that there are a lot of threats and especially features such as antitheft have become very important.”
But several important questions need to be dealt with too: is your device secure and if not, who is responsible for it? Are organisations required to pay for the necessary software or for educating their employees on essential BYOD security?
“BYOD involves commitment from both the employer and employees,” says Joseph. “The first step is to develop and enforce a clear, written policy that lets employees know what work-related data they may access with their own devices. It is also important for organisations to provide cybersecurity training to all BYOD employees. That training should include the importance of physical security, Wi-Fi security and social engineering attacks.”
Joseph also suggests that an organisation’s IT department should make it a mandatory requirement to have password-protected auto-locking features on personal devices used for work and to encrypt work-related data used on personal devices.