Many offices now allow workers to bring their own smartphones and tablets to work – a practice that has been described as “bring your own disaster” by IT wags for decades.
Mixing the private and the professional certainly CAN bring disaster – especially when experts from security trade body ISACA estimate that 30-40% of BYOD devices are brought in “under the radar”.
Workers also tend to resist simple, sensible steps such as having devices inspected – and commit far more basic errors such as failing to lock devices.
ESET Senior Security Researcher Stephen Cobb said, in a detailed blog post cataloguing some of the risks of BYOD,“The phenomenon of organizations allowing or encouraging their employees to use their own computing devices for work–known as Bring Your Own Device, or BYOD–is now widespread in many countries, bringing with it some serious risks to company networks and data.”
Disasters, of course, can and DO happen – our tips should help you avoid being the guy who brings his own.
Lock your device – or risk your manager hating you forever
Many companies hand out smart devices for workers to access corporate emails – but many workers ignore the most basic step of all, putting a lock on the device. This means if a work phone is lost, sensitive data can be gone too. A recent survey by a phone insurer, of 1,000 adults, found that 43% of “bring your own device” users had no protection at all on their devices. Less than a third – 31% use PINs or passcodes on their devices.
Don’t share your work laptop
Many work laptops come with protection built in – but the best protection in the world isn’t going to save you if your device ends up in the hands of someone who doesn’t care about your job or your data. ESET research found that 46% of people with a “work” laptop shared it with others. Your family (probably) aren’t spies for another company – but even your family can take risks, such as downloading “hacked” games to play, or opening malicious Facebook links. Both of those could compromise data and get you in trouble at work.
Think hard about what websites you visit on your work machine
There are two good reasons for this – one people in your workplace may well be able to see exactly what you are doing – and two, “risky” behaviour, such as downloading peer-to-peer or “free” software, can put your machine at increased risk of malware. In a detailed blog post on the subject,
ESET Senior Research Fellow Righard Zwienenberg says that many employees value BYOD precisely for the opportunity to visit non-work sites, “For anyone thinking that BYOD is a problem for the (near) future rather than right now, here is your wake-up call: the future is already here, including all the attendant risks. It is almost impossible to prevent people from bringing all kinds of devices into the workplace.”
Don’t take home that file marked “Top Secret”
It’s unlikely that your employer does keep its secrets in beige folders stamped “Top Secret”, but you should think carefully about what files belong on your mobile device, and which ones don’t. If it’s embargoed data, or financially sensitive data, it probably doesn’t belong on your smartphone. Big data leaks caused by careless workers make the news – and you don’t want your face to be on the reports.
Working from home can be as bad as “bringing your own”
If you are dealing with sensitive work data, and working from home, talk to your IT department about using VPN software or other “extra” security measures. Many companies don’t – and this places valuable data at risk. A recent survey found that although many firms allow workers to work from home, few regulate the practice. Just 17% of films have a formal policy regarding working from home – and more than two thirds (67%) failed to provide secure access to company intranets, according to CBR Online’s report. One in four provide no equipment or training for home workers.
Don’t stop off for coffee to send work emails
In a recent survey carried out by ESET, 31% of users admitted to working from unsecured public Wi-Fi networks – and in a separate survey, 7% admitted to sending and receiving work documents over public networks. This is a major risk. ESET Distinguished Researcher Aryeh Goretsky says, “It is possible that someone might be monitoring and capturing network traffic going through the “free” Wi-Fi connection.” Don’t risk it. Have coffee at home instead.
Encryption isn’t just for James Bond
Encrypting data sounds intimidating for many computer users – but it really isn’t a “James Bond” technology (although, in the wake of recent NSA and GCHQ revelations, Bond may well be reading your emails). If you’ve got sensitive data on your device, encrypt it. Our in-depth advice on Android security explains how to encrypt data on Android smartphones and tablets. Both Mac and Windows offer built-in ways to encrypt files or folders, and other apps offer similar services. ESET Senior Security Researcher also warns users and businesses against being “put off” encryption by recent revelations about the NSA, “Keep on encrypting – I also think now is a good time to revisit your current use of encryption. What data are you encrypting? What data should you be encrypting? And how strong does that encryption need to be?”
Got a four-year-old Android? Complain to your boss
Many firms hand out smartphones to workers – but others rely on apps pushed to devices which may bring their own security challenges. If you’re using an old device, locked to a network, and which has not been updated for a while, this is a perfect excuse to pester your IT department for a sparkling new Galaxy S4. If you are using your own device, and you encounter problems, ask IT for help – they’ll solve it faster than your network, and may uncover security risks.
Author Rob Waugh, We Live Security