Kevin Curran, IEEE Senior Member and Professor of Cybersecurity at Ulster University, discusses the stark figures associated with cyberattacks as of late and why it is therefore essential for organisations to address potential risks before implementing processes such as BYOD.
Undoubtedly, the past two years have resulted in a colossal number of enterprises adopting an agile working model. What was once a novelty for many is now standard practice for workers within the UK and beyond. In fact, recent research from the Job Description Library has found that, in 2022, 30% of people in the UK work remotely.
Although there are often concerns around equipment, bandwidth and infrastructure, a huge number of organisations are more worried than ever about the potential security threats. This should come as no surprise, as employees have been operating outside of the traditional IT safety net with personal devices, cloud networks and remote access technology.
Due to the working environment shift, Bring Your Own Device (BYOD) policies have been widely introduced whereby employees are essentially able to use their own devices, such as laptops or phones, within the workplace. Although this presents benefits such as reduced costs and increased flexibility for members of staff, it also comes with security risks.
Recognising the risks
Since 2020, cybersecurity attacks have been rife. Research published by the UK Government has found that, of the 39% of businesses in the UK that identified a cyberattack in 2021, 83% were phishing attempts and 21% identified a more sophisticated attack type. These included malware, denial of service, or a ransomware attack.
According to the survey, organisations cited ransomware as a major threat, with 56% of businesses having a policy not to pay ransoms. Furthermore, within the group of organisations reporting cyberattacks, 31% of businesses and 26% of charities estimate they were attacked at least once a week.
These figures show just how serious cyberattacks are and why it is paramount for organisations to address risks before implementing processes they might be unfamiliar with, such as BYOD. It is always easier to prevent security risks from materialising than to attempt to fix them at a later date, and although this sounds relatively straightforward, many do learn the hard way.
So, how exactly does BYOD impact cybersecurity? If a member of staff downloads unfamiliar information to a device, they are automatically putting themselves at risk from bad actors. If anything from a downloaded application to a PDF document contains a virus, it has the potential to pass this through the organisation’s network whenever the employee next logs in. This could significantly compromise the security of the whole business, so members of staff need to be vigilant when it comes to distinguishing between corporate and personal data.
Employers need to recognise how easy it is for staff members to accidentally expose the corporate network and how it is more common than they may anticipate. In fact, a survey conducted by Tessian found that 43% of people have admitted to making a mistake at work which has had security repercussions, while 47% of people working in the tech industry have clicked on a phishing email at work. Hackers are aware that most data breaches occur due to human error, which is why phishing scams occur so often. It is vital that staff members know how cybercriminals work and how they are constantly on the hunt for the most important information they can get their hands on.
Best practices to consider
There are a number of preventative measures which organisations can take to better secure data in the current hybrid working world. A few key examples include employers investing in cloud-based malware protection tools, educating employees about the associated risks and how they can best protect themselves, and encrypting BYOD devices, as well as all corporate data.
By implementing compulsory training sessions for members of staff, enterprises give employees the opportunity to learn what it takes to make themselves less vulnerable to bad actors. Although it may not feel like it, remote working is still a relatively new concept for many individuals. Therefore, brushing up on best practices such as secure passwords on all devices, data security management and general safer online habits will help significantly. To ensure this information is front of mind for employees, organisations should coordinate sessions on a monthly basis, depending on the size of the organisation.
Enterprises that are in the process of introducing or have already introduced a BYOD policy would benefit from considering a mobile device management solution which allows for application management, security patching and updates to be performed on all enrolled mobile devices. Doing so can significantly decrease the number of potential attacks to the enterprise’s network.
Another challenge with BYOD and hybrid working is employees connecting to public Wi-Fi hotspots, which aren’t always fully secure and which bad actors use as an attack method. However, the Federal Communications Commission (FCC) has shared some top tips on how users can best protect themselves online and recognise the validity of available Wi-Fi hotspots.
To ensure all data is fully encrypted, employees should check that the address of every website they visit starts with ‘https’. In addition, the FCC suggests users should adjust the settings on the device so that it does not connect to Wi-Fi networks automatically. If employees follow simple steps such as these when working from a public place, the organisation is better protected from attack.
With many organisations implementing a hybrid working environment, BYOD culture remains a hot topic and is unlikely to stop being one soon. Therefore, it is essential for organisations to recognise the risks at hand and ensure they are following the necessary steps to proactively prevent any breaches or malicious activity.