Some executive-level BYOD advice from Down Under

Australian government recommends measures for enterprises mulling BYOD

While much of the United States was taking a long weekend over the Thanksgiving holiday, our friends Down Under were cranking out advice for executives struggling with BYOD.

In a recent notice, the Australian Cyber Security Operations Centre detailed a number of financial and security considerations for executives dealing with BYOD.

Enterprises should understand that BYOD is likely to increase overall costs, despite the reduced hardware costs from not having to buy devices for employees. The increased costs can come from the technical support for these devices and from managing security risks.

The security risks BYOD can pose to the enterprise include social engineering of employees or the introduction of malware into the corporate network, both of which can lead to the loss of confidential data.

With BYOD, organizations often have less visibility into, and control over, the security configuration and user behavior. In addition, employees often lack the security knowledge to reduce risks to their devices.

The CSOC advised executives to ensure that there is a "justifiable business case" to allow BYOD, given the additional costs and security risks it entails.

The CSOC offered a number of recommendations to executives to reduce the risks to their organizations: use a risk management approach to balance the benefits and risks involved with BYOD implementation; develop and communicate a sound device use policy; consult with business and legal representatives, IT security staff, system administrators and employees; and educate users on corporate policy and security risks.

An executive contemplating BYOD should ask the enterprise's IT security team a number of questions to assess the benefits and risks. The aim is to understand how the team would protect the corporate network and any sensitive or classified information stored on a device.

"BYOD will introduce new risks, both to an organisation's business and the security of its information, which need to be carefully considered before implementation. Importantly, there will always be residual risk in a BYOD scenario," the CSOC cautioned.
