Does your BYOD policy ensure data security?

Tue, 10/13/2015 - 13:35

Addressing the consumerization of IT in the workplace is not an easy task. The nuances of usage and the complexity of tracking things like features and settings, bugs and vulnerabilities across devices and operating systems make it a challenge for anyone managing a BYOD policy. Below are some key risks your policy should not ignore.

Vulnerability in OS X

Adding to the controversy over Apple blocking custom development for Mac operating systems with its Gatekeeper utility, a vulnerability was discovered in OS X that would allow unsigned developers to bypass app restrictions. MacBooks run on OS X, and since laptops are becoming more popular with the global BYOD trend, Apple responded quickly with a patch. However, Patrick Wardle, the head of research at Synack, who originally discovered the vulnerability, says that the operating system still contains other vulnerabilities that could pose a risk to data security.

As reported by The Register.co.uk this month, Andrew Avanessian, VP at security tools firm Avecto, says, "... many of the security mechanisms built into OS X are not suitable for enterprise-level security. With Gatekeeper being simply bypassed, it is time for organisations to consider layering extra defences on top – such as privilege management and application control – in order to mitigate attacks and prevent unwanted content from executing."

Vulnerability in Android

Apple fanboys will be glad to know that Android is no treat either. Most notable is the Stagefright bug, which affects Android versions 2.2 (Froyo) to 5.1 (Lollipop). Stagefright results in code being executed when the preview of a video received in an MMS is generated. An attacker could easily make that code malicious, and the device will execute it even if the user never actually watches the targeted video.

A quick trip to AndroidVulnerabilities.org shows a steady increase in the number of "insecure" Androids over the past few years. Some of this is due to the fact that manufacturers aren't releasing Android updates for their devices fast enough, even though new versions are being released by Google. Since Android is projected to be the mobile operating system of choice, over Apple's iOS and Microsoft's Windows, for the next four years, this should be ringing the data security alarm bells for BYOD policy makers.

Devices on the Internet

Ipsos reported that 65% of smartphone users in the US intend to use their devices to do some shopping this holiday season. It's worth considering how this trend could impact your data security and whether your BYOD policy accommodates it. At the very least, it could be worth restricting online shopping sites to a trusted list.

BYOD policy tips

From laptops to tablets, operating system providers like Google, Apple and Microsoft are fighting for their reputations when it comes to eliminating bugs in their software and patching vulnerabilities. If your company has decided to adopt BYOD, they'll be bringing the fight to your doorstep. Your first line of defence is to clearly define and communicate a BYOD policy. To help you on your way, we've borrowed this brief outline of key aspects for your BYOD policy from the guys at CIO.com:

  1. Specify what devices are permitted
  2. Establish a stringent security policy for all devices
  3. Define a clear service policy for devices under BYOD criteria
  4. Make it clear who owns what apps and data
  5. Decide what apps will be allowed or banned
  6. Integrate your BYOD plan with your acceptable use policy
  7. Set up an exit strategy for employees leaving or no longer using a device
