Working from home (WFH) during COVID-19 has presented common challenges to organizations and their leaders. This naturally leads to an abundance of “bring your own device” (BYOD) as employees draw on their trusted personal devices, during the shelter-in-place rules. Organizations must adapt and create a new level of BYOD policies with COVID-19 in mind to safeguard work data.
With that, comes a new breed of security villains who are on the hunt finding ways to exploit the ever-expanding attack surface.
BYOD Security Risks: As with traditional attacks on the network, the BYOD attack lifecycle begins with employing exploits to compromise devices. Once bad actors are able to compromise a device, they can move laterally to extract critical data or perform a Denial of Service (DoS) attack.
We asked our crowd of security experts and executives what they see as the top 5 rules for BYOD in today’s WFH environment — securing and empowering your remote workforce has never been more urgent than in today’s climate. Here’s what the Synack crowd expects to see:
- Rule #1 — Establish BYOD Policies: Create the BYOD policies that work for your organization. Compliance, privacy, security, and approved apps need to be clearly stated in company policies and socialized with employees.
- Rule #2 — Maximize Protection with VDIs/VPNs: With BYOD make sure you have either a Virtual Desktop Infrastructure (VDI) or VPN in place. Some prefer using VDI while others make heavy use of VPNs. Some of the more progressive in our crowd see VDI (with or without VPN) as the best protection around BYOD.
- Rule #3 — Always use MFA: Whether using VPNs or VDI, one thing is for certain: multifactor authentication is a must for any BYOD. It cuts down the odds of a device being compromised and protects access to corporate assets even when the device is a personal one.
- Rule #4 — Protect Data: Manage data usage. Be on the lookout for the devices accessing corporate data. Since the data is what cybercriminals are looking for, make sure you have a good Data Loss Prevention (DLP) solution, and that the data itself is encrypted and accessible to only those who need to know. Mask data in cases where employees need access but don’t need to see the sensitive details.
- Rule #5 — Zero Trust to Build Trust: If you are using all-cloud solutions and BYOD, the idea of “protecting the network perimeter” is obsolete. Assume a zero trust posture, ensure identity is validated with strong passwords and MFA, and use a strong identity solution when you can. By prioritizing security, organizations can actually build customer trust in their security programs and products/services.
A weak infrastructure combined with targeted COVID-19 attacks help create a prime opportunity for cyber criminals. Now is the time for organizations to strengthen their security BYOD policies and implement the above rules to build a more secure groundwork for the future, not to mention peace of mind when working from home.
Our roundup of favorite ‘BYOD’ stories from around the web: