According to ZDNet, "Only 2 percent of respondents said that mobile devices aren't used by employees at their company. Of the 98 percent who reported mobile device use, 94 percent said their companies use smartphones and laptops."
In short, Bring-Your-Own-Device (BYOD) is no longer emerging. It's here, and it's here to stay. So, what can you do about it, fast?
Dealing with BYOD Security Risks — Right Now
If we were to enumerate every risk associated with employees bringing their own devices into your office or onto your network, this post would be unfortunately long. (Read this list of disasters from CIO for a few examples.) Luckily, your job in this effort isn't to craft every last detail of your legal and binding policy, so you don't need to address everything right away. Before that policy is officially completed, what can you do to mitigate some immediate risks?
1. Narrow the field
Identify the highest-level risks in terms of data access.
"BYOD comes down to a couple of things," says Jennifer Allen, manager of Twinstate's Red Team. "Data that can't leave the building, malicious stuff that can come into the building, and how devices are impacting productivity of the business as a whole."
If you can identify which data present the highest risk (that is, the data your company absolutely cannot afford to lose), then begin working to ensure that type of data isn't on any personal devices. Make this the letter of the law before the law exists. Look at where this risk occurs and make a relevant, temporary policy, such as: until we have a stronger policy, personal devices can't plug into the internal network and must use only guest wifi.
2. Use Network Access Control
Using NAC is a quick way to mitigate risks. You can require devices to meet certain parameters, such as scanning clean or running a particular OS. You can allow or disallow network access based on these parameters. If you don't already have NAC in place, make it so.
"It's something you'll want in place going forward anyway, so it's a wise first step," says Allen. "There are lots of tests you can do before something connects to your network. You can sophisticate as you go and add layers to your policy."
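To make the layered approach concrete, here is an added example (not code from the original post or from Twinstate) of a small NAC posture policy: the interim rule from step 1 (personal devices go to guest wifi only) and the parameters from step 2 (clean scan, approved OS) are each one rule, checked in order, and a new layer is just another function appended to the list. The device attributes, the `APPROVED_OS` set and the sample devices are constructed for the demonstration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional

class Network(Enum):
    INTERNAL = "internal"   # full access to company resources
    GUEST = "guest"         # internet only, isolated from internal hosts
    BLOCKED = "blocked"     # no access until the device is remediated

@dataclass(frozen=True)
class Device:
    owner: str        # "corporate" or "personal"
    os: str           # e.g. "windows", "ios"
    scan_clean: bool  # result of the pre-connect malware/compliance scan
    port: str         # "wired" (internal switch port) or "wifi"

# Hypothetical list of operating systems the company agrees to support.
APPROVED_OS = {"windows", "macos", "linux", "ios", "android"}

Rule = Callable[[Device], Optional[tuple]]

def must_scan_clean(d: Device):
    return None if d.scan_clean else (Network.BLOCKED, "failed pre-connect scan")

def personal_devices_guest_only(d: Device):
    # Interim policy from step 1: until the full policy exists, personal
    # devices never reach the internal network and may only use guest wifi.
    if d.owner != "personal":
        return None
    if d.port == "wired":
        return (Network.BLOCKED, "personal device on an internal switch port")
    return (Network.GUEST, "personal device limited to guest wifi")

def must_run_approved_os(d: Device):
    if d.os in APPROVED_OS:
        return None
    return (Network.GUEST, f"unsupported OS {d.os!r}, internet only")

# Rules run in order; the first one that returns a verdict decides.
# Adding a layer later means appending another function here.
POLICY: list = [must_scan_clean, personal_devices_guest_only, must_run_approved_os]

def decide(d: Device, rules=POLICY) -> tuple:
    for rule in rules:
        verdict = rule(d)
        if verdict is not None:
            return verdict
    return (Network.INTERNAL, "compliant corporate device")

if __name__ == "__main__":
    # Constructed sample devices for the demonstration.
    for dev in (Device("corporate", "windows", True, "wired"),
                Device("personal", "ios", True, "wifi"),
                Device("personal", "android", True, "wired"),
                Device("corporate", "windows", False, "wired")):
        print(dev.owner, dev.os, dev.port, "->", *decide(dev))
```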
3. Encourage Security Awareness Training
Your fellow employees aren't that likely to be malicious, but they are likely to be unaware of the risks they introduce when they use personal devices on your company's network. Keeping employees abreast of security threats in their environment is paramount to mitigating risk as soon as possible. Imagine the impact if even just one employee learns something new and makes a different choice as a result of attending training. That different choice could save your company from BYOD catastrophe!
Security awareness training can make all the difference for BYOD security.
Contributing to Your BYOD Policy
Later, if you need to assist in creating the full policy, or if you need to justify a policy item's inclusion and the actions you need to take to mitigate risks, you can present theoretical or real-world scenarios that call out the problem clearly. It won't be easy for your bosses to ignore examples of employees accidentally leaking client data after having unrestricted network access. In your effort to influence policy in the future, call these items out, advises Allen.
"Say things like, 'A salesperson has access to our company's client database. If they uploaded it to their phone and walked out of the building, what kind of loss would that cause?'"
With that image in their minds, your bosses will surely understand the reasons behind policy items and be ready to work alongside you toward a better security posture.
Originally published on 09/27/2016
Topic: BYOD, Firewalls & Network Security