The concept of BYOD is not new; the oldest example would be carrying personal USB thumb drives to work. Since then technology has grown, and so has the BYOD trend. Statistics indicate that the medium by which most people access the internet wirelessly is using a portable device like a smartphone or a tablet. As mobile devices continue to evolve and expand their availability, their utility and versatility increase. Corporations and law enforcement agencies face increasing pressure from employees and consultants to permit the use of personal devices on their organization networks. With BYOD policies implemented, employees show improved productivity, ease of mobility, and a more satisfying end-user experience. But this trend of BYOD, poses serious challenges and risks for an organization’s data and its network security. There is the significant risk that permitting such connectivity might introduce viruses, malware and other forms of trouble into the organization’s file servers, email systems and mission critical infrastructure. Second, there is the increased likelihood of data breaches, theft of proprietary information and trade secrets, and loss of intellectual property.
A few months ago CCFIS, a research organization in India, was called to investigate a serious data theft case in a company who lost a million rupee tender by a thin margin. Company officials were baffled about how their rival company could come so near to their bid. They suspected that someone from their own company had leaked confidential bidding documents. Later on it was revealed that one of their employees used her iPod to copy these documents by accessing the USB port of the computer system whilst allegedly charging her device.
In a similar case, an IT company had to face serious repercussions after its software code was stolen. Upon investigation it was established that an Android smartphone opened in USB Mass Storage Mode was used to copy the source code.
So how can organizations reach a compromise between appropriate and adequate security while implementing an effective BYOD policy which fulfils the technology wants and needs of their internal client base?
Some of the main ways corporations can address these challenges are by:
- Assessing the existing technical infrastructure and security measures
- Identifying known weaknesses in proposed / desirable personal devices and recommending appropriate remediation
- Developing a comprehensive BYOD policy
- Developing in-depth Incident Response plans and remediation protocols to be employed in the event of a data breach or other negative outcome
Through proper planning, appropriate policy, and periodic review and assessment, organizations can successfully permit employees’ use of personal devices, without sacrificing information security.
| About the Author: | Aditya Mahajan |
| Interests: | Forensic Technology Services, Cell Phone & Chip-Off Forensics, Computer Forensics & Data Recovery, E-Discovery, |
| Contacting the Author: | in.linkedin.com/in/adityamahajan8/ |
