BYOD: The why and the how
by Mirko Zorz - Editor in Chief - Friday, 21 June 2013.
Fortunately, mobile devices in the corporate environment have become sufficiently common that best practices are developing to assist a CSO in identifying the provisions that should be in their mobile device policy. These include:
  • Security awareness training/education
  • Acceptable use
  • Operating system security
  • User responsibilities
  • Access control
  • Data handling
  • Individual responsibility if co-mingling personal and organization data on the mobile device
  • Constituent accountability
  • Secure disposal of device at end of life
  • Vulnerability management
  • Responsibility for ensuring mobile device operating system is updated
  • Responsibility for ensuring mobile device applications are updated
  • Reporting information security incidents in the event of loss or theft
  • Prohibit sharing a mobile device with other users, including family and friends
  • Ownership of data on the device
  • Legal ownership and rights of the mobile device
  • Specific actions that the organization may take in the event of a lost/stolen or compromised mobile device (e.g., remote disable, remote wipe, confiscation)
  • Data sanitization of (organization) data, settings and accounts on the mobile device at end of life
  • Creation and use of mobile hotspots on an organization's premises (BYON - Bring Your Own Network)
  • Consequences for non-compliance with mobile device policy
  • User authentication on the device
  • Device encryption.
The content of each of these provisions will certainly vary based on a company’s risk tolerance, what they allow employees to do with mobile devices and, to a large extent, the regulatory environment in which they operate.

Nonetheless, CSOs should consider the development of a thorough and robust mobile device policy at the very core of their ability to manage the risks associated with these devices. Of equal importance is implementing the business practices and procedures which are necessary to support these policies.

What BYOD-related issues can we expect to grab the spotlight in the future?

As criminal enterprises continue to target mobile devices as their vehicle to access company systems and data, incidents related to mobile devices will continue to grow. One of the biggest issues in addressing this problem is the constant evolution of mobile technology. CSOs will be required to allocate a growing amount of their budget to develop and maintain the resources necessary to keep pace with changes in technology and increased threats.

