This is especially true at work. Their use of gadgets and technology help make them more productive. Using these devices to communicate and multi-task, workers find that without relying on these technology tools they are lost.
Businesses have been quick to embrace the BYOD (Bring Your Own Device) mentality because they see results from it and it doesn’t cost them anything as far as purchases are concerned. The users are bringing devices they bought for their personal use and connecting to existing wireless/cellular infrastructures.
In fact this trend is so popular that many organizations even allow users to connect their personal mobile devices to corporate resources like file sharing and email.
Like most things that seem like a good idea, there are some problems when it comes to security. The main problem is that many email administrators aren’t aware of the problems of mobile endpoint security and allow users to connect to email servers.
What’s the problem with BYOD?
Organizations who allow users to connect to company resources with their own devices typically run into two major problems:
- IT staff has to support the endpoint devices that are brought into the infrastructure.
- Personal devices are usually not adequately secured.
The first issue can plague email administrators because the number one resource that people want to access with their own equipment is their email. In just over a year, the number of Android phones being used in small to medium sized businesses has grown 7.1 percent, iPhones have increased 3.1 percent and iPad use has grown 1.9 percent.
While IT generally doesn’t service personal technology devices, the configuration of the servers to allow these devices falls into the hands of the email administrator; as does the creation of policies and instructions for connecting these devices.
But quite frankly, in most SMBs the email administrator isn’t going to turn away the guy in the next cubicle who is trying to get their emails on their new iPhone. He or she is going to help get that device connected. But each time one of these devices needs support, time is taken away from other things. In fact, Osterman Research found that it takes an estimated 72 minutes to address endpoint related issues. That is an hour and a quarter that could be used more productively.
Yet while supporting personal devices can be costly and even annoying, they introduce something that is even more troubling to a small business. That issue is lack of security.
Between 2007 and 2012 organizations have noticed a 12 percent increase in email violations as a result of personal devices being used in the workplace.
Most commonly, these violations are coming as malware and phishing attacks. Using an infected device for email communications, or using a device that is not protected by network security resources, makes it very possible for emails containing malware or phishing attacks to be opened by unsuspecting victims.
Not only do these attacks cost money in cleanup and mitigation costs, but an increased focus on spear phishing attacks means that financial loss from theft is a reality for even government and small businesses. In fact, more than a billion dollars was stolen from small to medium sized businesses last year alone, including:
- $600,000 stolen from the Catholic Diocese of Des Moines
- $378,000 stolen from the City of Poughkeepsie
- $447,000 stolen from a construction company in California
- $78,421 stolen from a law firm in South Carolina
- $75,000 stolen from an auto part store
These are real cases showing that phishing via mobile devices is a real threat.
What to do?
Like any dilemma involving security, allowing a BYOD environment takes a great deal of balance.
Organizations who allow workers to bring devices into the workplace must make sure that they have network based anti-spam/anti-phishing/anti-malware solutions in place. Relying on desktop security solutions will not work if the device brought from home has no protection.