
BYOD Security Stakes Raised

By Aura Information Security, 16 September 2016


For some it’s a passion. For others, the smartphone has become the base of operations for their working lives. As the modern professional becomes less tied to one location by technological limitations, the possibilities of working remotely are being embraced by more industries and professions.

Bring your own device is a practical reality for business not just in New Zealand, but around the world. But one aspect which is often partially or entirely missing is bringing your own security – or at least being aware of it.


According to Peter Bailey, General Manager at leading cyber security business Aura InfoSec, there is routinely either little security around the use of mobile devices in the workplace or, in some cases, none at all.


“The rapid introduction of new products from handset manufacturers such as Apple and Samsung generally heralds advancements in all aspects: better cameras, faster processors, and improved ability to access and use information.


“However, while advancements in technology make devices more useful for work tasks, it often comes at the expense of good security practices,” he adds.


David Kirby, Senior Security Consultant for Mobility at Aura InfoSec, says that while smartphones do feature some level of security, whether or not they are being used in a secure way is often difficult to monitor.


“Smartphones are generally ‘sort of’ secure – that is, they have some measures on board as they leave the factory – but whether or not those measures are even enabled is open to question,” says Kirby.


Even if embedded security options are activated, he stresses a rigorous approach to information management is the only way businesses can effectively identify the risk of leaving security in the hands of an end user.


The stakes, when it comes to mobile devices, have also never been higher. Their popularity, (relatively) low cost and utility mean everyone has one. It also means mobile devices are a prime vector through which attackers will seek to compromise company information.


But it isn’t even hackers who are the biggest cause of compromises. There’s something a lot more low-tech at work too – forgetfulness and theft. An August 2016 report from US-based security broker Bitglass showed that one in four data breaches (25.3 per cent) that have occurred since 2006 were due to unauthorised persons getting their hands on a corporate mobile device.


By comparison, Bitglass notes that 19.2 per cent of breaches were caused by hacking, 14.1 per cent through unintended disclosure and 13.1 per cent by disgruntled former employees.


“This research is fascinating because it shows the necessity for powerful devices to have equally powerful security on them. Today these devices can access corporate networks, ERP and financial systems, company document storage repositories and more,” Kirby points out.


Moreover, security vendor ESET has found that millennials, regarded as the most internet savvy generation, are notoriously lax when it comes to security.


In its Australia and New Zealand cyber-savviness report ‘The differences in cyber security practices across generations’, it found 46 per cent of millennials use the same password for all accounts on personal devices. That compares poorly to the 18 per cent of baby boomers who do the same thing.


This is a scary thought, Kirby says, especially as mobile devices are often connected into the heart of a business.


Delivering better mobile security isn’t the same as it is for other devices, he says. That’s because the owner of every new iPhone, Galaxy or other handset looks forward to the convenience and capability these devices enable.


To the user, security measures have to be just as simple and convenient as other applications are. The bottom line is that for BYOD device security to protect the owner, as well as the device and the company where it is being used, it has to be straightforward.


“If it becomes intrusive or limits the performance of any aspect of the handset, it won’t be good enough. You want users to intuitively use security rather than try to get around it,” says Kirby.


“Perhaps the best way for business to stay secure is to add another layer of security to mobile devices being used by staff. An example being Comraptor – a solution that provides a comprehensive and effective secure encrypted mobile communication system for industries that require highly secure and confidential text SMS, voice, email and data transmissions.”