Best Practices for Balancing BYOD with Mobile Security

Protecting Sensitive Data in a Mobile-First World

By JT Keating, Vice President of Product Strategy, Zimperium

The rapid evolution and advancement of technology have made us almost incapable of separating our devices from the way we conduct our everyday lives, personally and professionally. From the Apple Watch to wearables, tablets, and smartphones, bring your own device (BYOD) is no longer something to try to plan for in the future, but something companies have to deal with right now.

The benefits provided by our devices’ ability to communicate instantly, exchange files and simplify complex business operations has skyrocketed productivity rates and made collaborating with our colleagues – across offices and borders – practically instant. When computers became essential throughout every work environment, however, cyber attacks weren’t far behind. Eventually, the C-Suite woke up to the reality of cybersecurity and the need to take it seriously to stay afloat in today’s competitive landscape.

However, the increasing reliance worldwide on smartphones and mobile apps have occurred perhaps more rapidly than any other endpoint. In fact, Gartner predicts that demand for enterprise mobile apps will grow five times against the development capacity in 2017. Amidst this impressive growth, the security of mobile devices has been consistently put on the back burner – and hackers have taken notice.

Mobile Fraud Is Skyrocketing, While Awareness Is Not

In a recent survey, Zimperium found that fifty-one percent of respondents reported an increase in mobile threats in the last 12 months. In fact, according to the RSA Fraud & Risk Intelligence Service, more than 70 percent of fraud is now mobile. In 2019 alone, Zimperium discovered two billion risks and threats among its customers, or about 50 per device. The sophisticated tactics that hackers use to conduct cyber attacks are bypassing office walls to where employees – and thus, their employers – are most vulnerable: mobile. Take phishing, for example. According to Verizon, over 90 percent of breaches started with a phishing attack and Adestra notes that over 60 percent of emails were opened on mobile devices.

The problem is that mobile devices such as smartphones are fundamentally different from other enterprise devices such as desktops and laptops in this vital respect: IT does not administer the advice – the user does. Although modern collaboration techniques often require employees to create and share unstructured company data from their mobile devices, IT does not have the proper amount of visibility into these devices to know what threats the company data may be facing. This explains why, in a recent survey, Zimperium found that 42 percent of organizations were unsure if mobile devices had been involved in past security breaches involving their organization.

Best Practices in BYOD and Mobile Security

There’s no denying that personal devices in the workplace aren’t going anywhere, given the unparalleled value that they bring to organizations. In fact, Forbes recently reported that enabling the mobile workforce drives 30 percent better processes and 23 percent higher productivity.

However, balancing the use of mobile with recognition of and preparation for the growing number of cyber-risks these devices face needs to become a top priority for IT teams in 2019. Data mandates such as Europe’s General Data Protection Regulation (GDPR) have shown that governments and consumers are getting serious about the security of their information. It’s essential to keep sensitive company information secured on mobile devices in order to maintain trust from customers and, in turn, maintain a competitive edge.

The bottom line is that organizations need to embrace a healthy mobile security policy that protects the organization and its sensitive IP while promoting productivity on mobile devices both inside and outside of the corporate network. For enterprises who are struggling to adopt mobile security best practices, here are a few key things to consider when balancing BYOD and security:

• If mobile devices are being used to access corporate data, including from sources such as email and mobile applications, the company has a responsibility to ensure the data is protected.  This applies to corporate devices as well as BYOD devices.  Perhaps the most basic and all-encompassing reason for this is that without ensuring data is protected, companies will be out of compliance with one – or multiple – regulations. The modern-day business environment means that every company is now a technology company. The average company in operation today typically processes and stores a large volume of highly sensitive employee, customer and client data that they have an obligation to protect. Regulations such as Europe’s General Data Protection Regulation (GDPR) show us that today’s consumers and employees are taking the mismanagement of their data more seriously than ever before – and so are their governments. In addition to avoiding millions of dollars in potential fraud and fines, the proper handling of sensitive data is key to keeping consumer trust and, in turn, staying competitive.
• It’s important for all companies to recognize that today’s devices contain highly personal information that is private and confidential to the owner of the BYOD device – and every precaution should be taken to not impact that privacy. In a recent Zimperium research report, 14 percent of companies stated that employee privacy concerns were an inhibitor to adopting BYOD. It’s important to keep the security of your company data in mind when adopting a BYOD policy, but it’s equally imperative to protect your employees’ privacy. BYOD can spike a huge increase in employee productivity, but they’ll only capitalize on the opportunities that BYOD brings if they trust that their personal data is being kept private. In the same research report, 53 percent of respondents said BYOD adoption would increase if IT couldn’t view or alter personal data and apps.
• To have the greatest chance of adoption and success, any BYOD security policy must be as easy and as unobtrusive as possible. Everyone in the security industry already knows that IT resources are more strapped than they’ve ever been before. To keep both your employees and your IT team happy, the best BYOD policy is a simple BYOD policy. Making an effort to ensure your policy is well-communicated and understood throughout your organization will help boost adoption rates. Find ways to show employees how they can integrate their personal devices into their professional tasks while following your BYOD policy and staying secure. Additionally, making security personnel by emphasizing the ways in which following your BYOD policy benefits employees personally as well as the company can help boost adoption.

Technology’s rapid evolution has revolutionized the ways in which we communicate both personally and professionally. In addition to corporate-owned devices, today’s employees also expect the ability to bring, connect and fully utilize their own personal devices at work. The productivity benefits that BYOD policies bring to the enterprise are well-documented, but in today’s era of elevated cyber-risk, sophisticated hackers and high-stakes regulations, it’s imperative to balance BYOD with mobile security. By following these best practices, organizations can start on the right path toward creating a satisfied and secure workforce.

About the Author

JT Keating is the vice president of product strategy at Zimperium.  He has brought software and mobile communications solutions to market for 25 years. Being passionate about security, he helped define and create multiple innovative approaches including application whitelisting at CoreTrace (acquired by Lumension), integrity verification at SignaCert and the first behavioral malware/phishing solutions at WholeSecurity (Symantec). JT can be reached online at https://www.linkedin.com/in/jtkeating/ and at www.zimperium.com.