
Does your BYOD policy ensure data security?

Tue, 13/10/2015 - 13:35

Addressing the consumerization of IT in the workplace is not an easy task. The nuances of usage and the complexity of tracking things like features and settings, bugs and vulnerabilities across devices and operating systems make it a challenge for anyone managing a BYOD policy. We note some key risks your policy should not ignore.

Vulnerability in OS X

Adding to the controversy of Apple blocking custom development for Mac operating systems with its Gatekeeper utility, a vulnerability was discovered in OS X that would allow unsigned developers to bypass app restrictions. MacBooks run on OS X, and since laptops are becoming more popular with the global BYOD trend, Apple responded quickly with a patch. But Patrick Wardle, the head of research at Synack and the original vulnerability discoverer, says that the operating system still contains other vulnerabilities that could pose a risk to data security.

As reported by The Register.co.uk this month, Andrew Avanessian, VP at security tools firm Avecto, says, "... many of the security mechanisms built into OS X are not suitable for enterprise-level security. With Gatekeeper being simply bypassed, it is time for organisations to consider layering extra defences on top – such as privilege management and application control – in order to mitigate attacks and prevent unwanted content from executing."

Vulnerability in Android

Apple fanboys will be glad to know that Android is no treat either. Most notable is the Stagefright bug, which affects Android versions 2.2 (Froyo) to 5.1 (Lollipop). Stagefright results in code being executed when the preview of a video received in an MMS is generated. That code could easily be made malicious by an attacker, and the device will execute it even if the user never actually watches the targeted video.

A quick trip to AndroidVulnerabilities.org shows a steady increase in the number of "insecure" Androids over the past few years. Some of this is owed to the fact that manufacturers aren't releasing Android updates for their devices fast enough, even though new versions are being released by Google. Since Android is projected to be the mobile operating system of choice, over Apple's iOS and Microsoft's Windows, for the next four years, this should be ringing the data security alarm bells for BYOD policy makers.

Devices on the Internet

Ipsos reported that 65% of smartphone users in the US intend to use their devices to do some shopping this holiday season. It's worth considering how this trend could impact your data security and whether your BYOD policy accommodates it. At the very least, it could be worth restricting online shopping sites to a trusted list.

BYOD policy tips

From laptops to tablets, operating system providers like Google, Apple and Microsoft are fighting for their reputations when it comes to eliminating bugs in their software and patching vulnerabilities. If your company has decided to adopt BYOD, they'll be bringing the fight to your doorstep. Your first line of defence is to clearly define and communicate a BYOD policy. To help you on your way, we've borrowed from the guys at CIO.com this brief outline of key aspects for your BYOD policy:

  1. Specify what devices are permitted
  2. Establish a stringent security policy for all devices
  3. Define a clear service policy for devices under BYOD criteria
  4. Make it clear who owns what apps and data
  5. Decide what apps will be allowed or banned
  6. Integrate your BYOD plan with your acceptable use policy
  7. Set up an exit strategy for employees leaving or no longer using a device
