I believe that most security risks in BYOD come from ‘non-malicious incompetence’ on the part of employees. It’s vital to educate them about how easily security can be compromised. Sharing these four preventive measures can incent employees to help protect corporate data, as well as their own personal information.
1. Control Access to Your Phone
This is the simplest front line of defense. While people don’t deliberately forget their phone in a public restroom, gym, or restaurant, we all know it happens. So make sure you have an appropriate device lock in place, either a PIN code or a screen pattern lock. If you have a pattern lock (where you join the dots to unlock your phone), make sure you wipe the screen to avoid leaving smudges that can reveal your pattern.
A number of social engineering attacks focus on getting physical access to your device, either to install a malicious app or to read your data. If your phone has a removable SD memory card that is not encrypted, an attacker could remove it and read its data. Encrypting memory card data is important, either by using the capability of the device or by using a third-party encryption solution.
The company security policy requires this type of basic protection when you use your smartphone for work purposes.
2. Be Wise About Downloading Applications
There is great risk in downloading applications, more so if apps are “side loaded” or otherwise loaded from unapproved or unofficial marketplaces.
When you agree to download an app, you will need to accept a list of permissions that grant capabilities to the application. For example, an app may need to access your location data or your camera. Rogue apps, in the form of Trojans, may take advantage of these new permissions, and you may unknowingly allow the application to access your camera or your personal or corporate data.
In addition, such malware applications can embed functions that allow your phone to make premium-rate calls while you are playing a game, for example. You won’t know this until you receive a whopping bill at the end of the month, and by then it’s too late.
The company’s BYOD policy outlines the type of personal applications that are acceptable and safe on your phone, and also specifies approved sources of applications.
3. Think Before You Respond to Certain E-mail Messages
In our hectic lives, the ability to access email while we’re on a train, or in the supermarket, is wonderfully convenient. We tend to multitask and zip through email. Remember that the small screen of a smartphone makes it more difficult to detect possible phishing emails. Your bank’s email may look legitimate, but if you don’t have time to check it carefully, don’t respond or click on any links. It’s much safer to wait until you can read it carefully.
4. Understand and Accept the Benefits of Mobile Device Management Software
The best way to protect your BYOD smartphone is through corporate-installed mobile device management software. This can protect your device in a number of ways. For example, it can detect if your phone’s SIM card has been changed, back up your data automatically, remotely wipe a lost phone, help recover a lost phone by using its GPS location, or even command the phone to emit a really high-pitched alarm to scare off a thief.