What are the risks of BYOD?

As companies cut costs, and employees desire more freedom of choice, they increasinglybring their own mobile  devices to work. . The opportunity to eliminate the significant expenses associated with corporate mobile devices excites even the most staid CFO, and the IT guys are told to “make it work.” This development has come to be known by its acronym“BYOD” (Bring Your Own Device).

Sometimes there is no enforced policy in place. Employees do what they want, and permission happens later, if at all. The nurse brings her personal iPad to the hospital and uses it to record patient data she sends via email to the doctor, in addition to reading a book during precious downtime. The salesperson plugs a smartphone into their work PC to charge or sync something, or check personal email over the corporate Wi-Fi.

Using your personal device in the office is convenient and simple, but it’s not secure. Do you have anti-virus installed? Is your iPad’s wireless connection encrypted? Is the app being used secure? What if the device is lost on the bus on the way home—the device with confidential patient information, emails, or presentations on it?

One of the IT Department’s deepest concerns is regulated data. Almost all businesses operate under some form of regulation where fines or penalties are imposed in the event of a data breach: the leak of personally identifiable information like names, addresses, account numbers, and health records.

Then there’s the issue of your device breaking something else on the network. While your company’s IT guyhas a relative lock on all the work laptops, desktops, and even some of the mobiles, the IT department quickly loses control if you bring your new Droid or iPad and then connect it to the corporate network. Now the IT guy has to worry if that last app you downloaded will infect other computers on the network.

No matter what you do, make sure whenever you use your BYOD on a wireless network that the device is protected.  I use VPN specifically when I’m on my portable wireless devices. If I’m on my PC laptop, iPhone or iPad and I’m traveling on business, I know I’m going to be connecting to various free public Wi-Fi services at the airport and in my hotel or at a coffee shop. Before I connect to any Wi-Fi, I launch Hotspot Shield VPN. It’s a free VPN, but I prefer the paid version; the expanded paid option is a little quicker and offers a cleaner interface. Either way, it’s agreat option that will protect your entire web surfing session, securing your connections on all your devices and eliminating some of the potential headaches for your IT department.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

How BYOD is Driving Innovation

One fourth of all global information workers use their own devices at home and at work for work purposes. A recent survey report, commissioned by Unisys and conducted by Forrester Consulting, involved 2,600 IT workers and 590 business and their IT executives.

CIO Insight points out that these are the “mobile elite,” a class of professionals who overwhelmingly opt to use their own tools because they claim these devices and applications make them far more productive than products supported and distributed by their companies’ IT departments.

Mobile-elite professionals appear to maintain a decided edge when it comes to client service and innovation. And they are also likely to take the initiative when it comes to sparking organizational change and introducing new technologies.

A recent Deloitte study highlights many common business and technology innovations being explored:

  • Improving time to market, customer satisfaction levels and sales
  • Improving infrastructure and data security, and reducing risk of incident or loss
  • Potentially reducing costs associated with hardware, monthly service fees, provisioning and ongoing support

A recent IDG report disseminated by DronaMobile enumerates the benefits of permitting employees to use their own tools.

Employees allowed to choose their own devices are happier and more satisfied in their work. With the added flexibility of choosing the applications and cloud services to use, employees get the leeway to be innovative. As smartphones and tablets blur the line between personal and work hours, employees pursue ideas at their own pace, time and location. Without the pressure of conforming to office hours and working on office equipment alone, workers are observed to be more productive, efficient, creative and appreciative of this privilege.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

4 Best Practices for BYOD Policies

People love their mobile devices and don’t want to leave home without them. When they bring their digital device to work we call this Bring Your Own Device or BYOD.  The day after you get your new mobile phone or iPad, you’ll probably take it to work and have the IT department set it up with your email and access to the company IT network. And as more and more companies agree to this, they are also requiring you to agree to their BYOD policies as well.

  1.     There should be an acceptable mobile usage policy. These are set up by the companies CIO and telling you what you can and can’t do on your mobile device.Read the BYOD policy carefully because once you sign it your job will be on the line if you don’t abide by it.
  2.     For IT security purposes, an application will run on the mobile device that needs to be downloaded and installed. This security application will have a certificate authenticating the device with terms and conditions to connect to the company network and run yours and the companies programs.
  3.     The mobile management application will provide the enterprise the ability to remotely control your mobile and wipe data. Don’t do this if you don’t plan on agreeing to the BYOD policies
  4.     Expect the security application to have the ability to locate your mobile if it’s lost or stolen via the phones GPS, lock your phone locally within 1-5 minutes.  It will also wipe your mobile, having encryption, antivirus and a firewall to protect company data.

Bringing your own device is not a right but a privilege. If your employer doesn’t allow it there is generally a good reason. Data breaches cost thousands and in some cases millions. So if you are lucky enough to be privileged, protect that mobile device with the guidance of the IT department.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussing ADT Pulse on Fox News. Disclosures

Mobile Device Security in a BYOD World

In the real world there is little difference between an employer’s issued device and a personal mobile device. The most important difference should be that a digital device issued by your employer requires and should have a “company mobile liability policy”. Businesses generally provide and pay for employee mobile devices, and also strictly dictate what you can or cannot do on the device. For IT security reasons, the employer may have remote capabilities to monitor activity and in the event of loss or employee termination wipe the data.

Mobile device security policies” are for the BYOD or “Bring Your Own Device” employees. The employee may pay for the device and its monthly plan and has also imposed security restrictions and limitations on employees who use their personal devices at work.  If you choose to use your personal device for employment purposes at any time for any reason then your employer may take control over that device to protect themselves. In a company mobile liability policy, the employer often has remote capabilities to monitor activity and in the event of loss or employee termination wipe the data.

A recent study shows less than 10% of people BYOD employees auto lock their tablets and people were more security-savvy about their smartphones, with 25% locking.

Most employee issued mobile management software will require the device to be locked and the password to be changed quarterly. These mobile device security programs tell you in the terms and conditions that the contents on the device is subject to being monitored and at any time the device can be wiped by the employer.

The employer is liable for potentially lost data on your mobile. So, to maintain security in a BYOD world, plan on giving up some liberties.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussing ADT Pulse on Fox News. Disclosures

IT Security – Get a BYOD Policy Now!

Your companies IT person is tasked with managing numerous digital devices like mobile phones, tablets and any other portable device that communicates. Small businesses and IT managers must have IT security policies to manage devices attached to the network. Start looking at security vendors who provide solutions to keep track of, lock down, and secure your small business devices.

Consumers have at best a basic knowledge of IT. Consumers like gadgets and want to know how they work and at work they need to use technology to use it. This process is how the majority gets up to speed on technology and learn personal technologies they acquired for home use to make their work lives better than even the technology their workplace provides them. This is the consumerization of IT.

The issues of “BYOD” or Bring Your Own Device to work is a huge problem for IT managers at small businesses everywhere. Most IT managers have a pretty good handle on the company laptops desktops, and mobiles, but they are quickly losing control when employees bring their new Android mobile device and connect it to the corporate network.  Now they have to worry if that last application that was downloaded is infected and will infect the network when plugged you into a company PC to update or sync something.

Help the IT manager protect your small business network by:

  • Check to see if your business has a BYOD policy
  • Lock down your mobile device in case it’s lost or stolen
  • Install a “lost/locate/wipe” software on your device
  • Never leave your device exposed/unattended in an automobile.

 Robert Siciliano personal and small business security specialist toADT Small Business Security discussing ADT Pulse on Fox News. Disclosures