If you have any questions about our resources or any topics related to Experian Data Breach Resolution, please contact us at firstname.lastname@example.org or call 1 866 751 1323.
Is your organization resisting the “bring your own device” (BYOD) craze? If so, it might not be able to hold out much longer.
While the BYOD phenomenon may make employees happy, it can create quite a stir among executives and IT pros. And rightfully so. Without the right policies and technology in place, a BYOD program can lead to an increase in data breaches, often resulting in the loss of customers, partners and an organization’s reputation.
Here are four tips to help mitigate the risks of a BYOD program.
1. Policies are important
There are two types of policies that can be implemented with a BYOD program, according to industry experts. First, an “acceptable use” policy can be implemented to protect your organization from guests’ activities that could pose security risks.
Second, and perhaps more important, would be the establishment of security policies. These policies are designed to protect sensitive company data, including customer information. To reduce the risk of losing sensitive information, the policies should define the data and clearly spell out who can have access to it and under what circumstances. As was highlighted during the BYOD Mock Debate at IAPP, the disconnect between organizational policies and employee recognition of these policies can create a significant security risk.
For example, an employee might download questionable material or open a link containing a virus that quickly spreads throughout the organization. Under more extreme circumstances, you may have an employee who downloads sensitive customer data to their own device and later sells it on the dark web.
To avoid these unfortunate situations, organizations need to have strict policies. And, the policies need to include penalties to make them effective.
2. Don’t forget about encryption
Encryption on mobile devices continues to be problematic. Only 24% of the companies in the Varonis study encrypt mobile devices.4 This is a significant risk to organizations because a common cause of data breaches is the loss or theft of unencrypted devices. Mobile devices that contain sensitive data should be encrypted with up-to-date software that can restrict who has access to that data.
3. Mobile Device Management (MDM) software should be incorporated
BYOD programs should also incorporate MDM software. MDM typically includes over-the-air distribution of applications, data and configuration settings. This type of software can reduce the risk of a data breach by controlling and protecting the data and configuration settings for all of the mobile devices in your network. The BYOD Panel Mock Debate at IAPP also discussed the need for separating personal data from company data on mobile devices, and the need for MDM. Data stored using cloud based services further adds to the complexity and need for MDM.
4. Multi-factor authentication adds more protection
Organizations would be wise to use at least two - if not three - factor authentication in their BYOD program. Unfortunately, many employees that bring their own devices still just employ a username and password to access their device for work. With two- or three-factor authentication, it becomes much more difficult for a thief or unauthorized individual to access that device.
Since the popularity of mobile devices is expected to continue to grow, businesses must prepare for the trend. Organizations may be able to increase productivity by having employees use their mobile devices, while still limiting the risks of a data breach by developing a solid, secure BYOD program.
To watch the live panel debate visit http://www.ustream.tv/ExperianDBR
1 HP 2012 Cyber Risk Report
2 Varonis BYOD Research Report, January 2013
3 “Is Your Company Ready for a Big Data Breach,” Ponemon Institute, March 2013
4 Varonis BYOD Research Report, January 2013