A New Year, New Devices and New Threats

The Christmas period is well known for the giving of shiny new gifts such as smartphones, tablets and laptops. But what does this mean for your organisation? This story from John will tell you what it means.

For Christmas I got a brand new Samsung Galaxy S3, and I just can’t keep my hands off it. During my holiday period, I downloaded about 100 apps, synced up all my social media accounts and even my work email.

I’m back at work now and my phone will have to remain in my drawer until I can download some more fun apps on it during my lunch break.

Although I don’t really want to use up my data so I’ll just use the Wi-Fi here at work.

Did you know that 100% of Top Paid Android Apps Have Been Hacked? This means that my phone is most likely crawling with enough bugs to actually scutter across my desk. To make matters even worse, my phone is synced up with my work email and is also connected to the Wi-Fi.

This could potentially be incredibly dangerous to the organisation I work for. Imagine if one of these infected apps allowed a hacker to access my work email or gain access to our servers through the Wi-Fi connection.

But hey, what do I care – not my problem right?

Now, back to syncing up my Dropbox account to my work’s Dropbox account.

So, what can you do to protect your organisation from wreckless users like John?

Lay Down Some Rules

Putting a Bring Your Own Device (BYOD) Policy in place will significantly decrease the threat your staff pose with their own devices. In all honesty, most staff will probably just be put off using their own device, in fear that they’ll have to read the policy if they bring a device in. But for those who are adamant that they want to use their device, you have to ensure you have an effective policy in place to protect both you and your user.

An effective BYOD policy should cover the following topics:

  • Device Selection
  • Encryption
  • Authentication
  • Remote Wipe Capabilities
  • Incident Management
  • Control Third-Party Apps
  • Network Access Controls
  • Intrusion Prevention / Detection Software (IPS/IDS)
  • Anti-Virus – AV
  • Connectivity (Bluetooth/Wi-Fi mobile hotspot)

The policy should be signed by any employee before they connect their device up to any of the organisation assets.

If you’d like to learn more about BYOD and how you can navigate the issues that will arise from your staff’s Christmas presents, then I suggest that you read the Bring Your Own Device Survival Guide