Over half (51%) of employees have mandated company apps installed on their personal smartphones. Mobile device use has skyrocketed over the last two decades, and in many organizations, mobile devices do a larger share of the workload than desktop computers.
The ability to work from anywhere makes tablets and smartphones particularly helpful in large plants and facilities. Employees can access the data and software they need from any location, and do not need to be sitting at a desk in front of a keyboard to do their work.
As mobile devices have become more prevalent in the workplace, multiple mission-critical facilities have faced an important decision: “Do we issue our own work devices or allow employees to use their personal devices for work?”
This boils down to the question of whether to incur the cost of purchasing company-owned equipment and mobile plans for each employee or to allow workers to use their own smartphones. Using a Bring Your Own Device (BYOD) program is often more economical for organizations as well as more convenient for employees.
Questions Asked About BYOD
The biggest consideration with mobile device use for work is critical infrastructure cybersecurity. Questions that go through the minds of security teams in these facilities include:
- How secure are the devices that are connected to the network?
- If company-owned devices are issued, will personal devices be used onsite anyhow?
- What is the best way to secure employee-owned devices?
- Can we make BYOD secure enough for our facility?
It is possible to implement a BYOD program without putting your organization’s security at serious risk. Next, we’ll outline several ways that you can mitigate the risk of employee-owned mobile devices.
Checklist for More Secure Mobile Use
Before we get into the checklist, let’s cover a critical tool that’s needed to properly manage and monitor endpoints – including employee-owned devices. This is an endpoint device manager.
This software provides vital transparency into the “business side” of employee-owned devices, as well as company-owned endpoints. An endpoint device manager provides the ability to perform many of the checklist actions below.
Keep Mobile Device Software & Apps Updated
Over 95% of government employees using Android are on outdated operating systems. Not keeping a device’s OS and applications updated is a big concern for critical infrastructure cybersecurity.
Outdated software can contain vulnerabilities that leave the device, and through its connection the entire network, at risk of a breach. Thus, it’s important to automate the update process for employee devices used for work to keep BYOD from becoming a huge security risk.
Require Devices to be Trusted
Using a trusted device policy is a tenet of zero-trust security that helps prevent a breach of your network by a bad actor using an unfamiliar device. It also keeps mistakes from happening, such as an employee accessing work from a new smartphone that hasn’t yet been connected to your endpoint manager.
Trusted devices should include the following parameters:
- Properly configured to enterprise standards
- Continuously monitored by your endpoint management system
- Updated with the latest security patches
- Not jailbroken or rooted
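As an added example (not part of the original article and not the API of any endpoint management product), the four parameters above can be expressed as a fail-closed access check. The record field names, device IDs and thresholds are assumptions made up for illustration.

```python
from datetime import datetime, timedelta, timezone

# Thresholds are assumptions for this example; set them from your own policy.
MAX_CHECKIN_AGE = timedelta(hours=24)   # "continuously monitored"
MAX_PATCH_AGE = timedelta(days=45)      # "latest security patches"


def evaluate_device(record, now):
    """Return (trusted, reasons). Missing or malformed fields fail closed."""
    if record is None:
        return False, ["not enrolled in endpoint manager"]
    reasons = []
    # 1. Properly configured to enterprise standards
    if record.get("config_compliant") is not True:
        reasons.append("configuration not compliant")
    # 2. Continuously monitored by the endpoint management system
    last_seen = record.get("last_checkin")
    if not isinstance(last_seen, datetime) or now - last_seen > MAX_CHECKIN_AGE:
        reasons.append("no recent check-in")
    # 3. Updated with the latest security patches
    patch = record.get("security_patch_date")
    if not isinstance(patch, datetime) or now - patch > MAX_PATCH_AGE:
        reasons.append("security patch level too old")
    # 4. Not jailbroken or rooted (an unknown state counts as a failure)
    if record.get("rooted_or_jailbroken") is not False:
        reasons.append("rooted/jailbroken or integrity unknown")
    return not reasons, reasons


# Constructed sample inventory, keyed by a made-up device ID.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
INVENTORY = {
    "dev-001": {"config_compliant": True,
                "last_checkin": NOW - timedelta(hours=2),
                "security_patch_date": NOW - timedelta(days=20),
                "rooted_or_jailbroken": False},
    "dev-002": {"config_compliant": True,
                "last_checkin": NOW - timedelta(days=3),
                "security_patch_date": NOW - timedelta(days=200),
                "rooted_or_jailbroken": False},
    "dev-003": {"config_compliant": True,
                "last_checkin": NOW - timedelta(hours=1),
                "security_patch_date": NOW - timedelta(days=10)},  # root state missing
}

if __name__ == "__main__":
    for dev_id in ("dev-001", "dev-002", "dev-003", "dev-999"):
        trusted, why = evaluate_device(INVENTORY.get(dev_id), NOW)
        print(dev_id, "ALLOW" if trusted else "DENY", "; ".join(why))
```

The unknown device ID and the record with no root status are both denied, which is the behavior that stops a new, not-yet-connected smartphone from reaching work resources.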
Use Two-Factor Authentication
It’s important to authenticate device access to your network with more than just a username and password, which can be easily compromised. Use two-factor or multi-factor authentication to mitigate the risk of a breached account.
Using a biometric, like a face or fingerprint scan, can provide maximum protection. Additionally, security keys that are inserted into devices for authentication can reduce risk in the case of a lost or stolen device.
Educate Employees to Only Use Approved App Stores
Certain apps collect data from a device beyond the application itself. Others have malware hidden inside an innocent-looking free application. Employees may not realize that one app can compromise another, such as a work-related mobile app.
Educate your team on only downloading applications from approved app stores. Make sure to provide a list of these, so there is nothing left to chance.
Minimize the Amount of Personally Identifiable Information Available in Mobile Apps
As mentioned, some apps will collect data from a device and other apps. Many of these are social media applications, like TikTok and Facebook, which are available in approved app stores.
Reduce the risk of leaked data by minimizing the data accessible through mobile apps and stored on the device itself.
Enforce the Use of Secure Communication Protocols for Work
Sending work-related information through a social media messaging system might not raise a red flag to a young employee. But unsecured communications of sensitive data can be intercepted by hackers.
Outline and enforce the approved communication applications for your employees. You should use only encrypted channels through applications that have privacy policies clearly stating they do not sell or share user data.
Ensure the Device Has Appropriate Threat Protection
Any device used to access your network and data should be properly protected with anti-malware and threat protection technology. This is another action that can be automated through the use of an endpoint device management system.
Get Help Securing the Mobile Devices Accessing Your Network
WizNucleus can assist your mission-critical facility or organization with solutions that allow you to safely administer a BYOD program.
Contact us today to schedule a free consultation! Call +1 (646) 558-5577 (New York, NY) or +1 (469) 481-1726 (Carrollton, TX) or reach out online.