The goal of cybersecurity is to safeguard your organization’s digital assets, including data and systems. Both EDR and MDR work to achieve this goal in different ways, and a good strategy will rely on both approaches to create a robust, more comprehensive cybersecurity strategy.
EDR: A Software-Focused Approach to Cybersecurity
EDR (endpoint detection and response) is a software-based cybersecurity approach designed to detect and respond to endpoint threats. Endpoints refer to any remote computing devices that are able to connect with your network, including computers, smartphones, tablets, servers, and IoT devices. Endpoints act like the doorways to your network, making them key points of entry for cybercriminals. As such, these portions of your network are vulnerable and require special security considerations.
Good EDR is Reactive…
EDR is designed to safeguard these endpoints by using both tools and solutions to detect and address threats to your endpoints and hosts (such as networks). Should an endpoint or host become infected with malware or otherwise compromised, the software can also quarantine the affected systems or endpoints to help slow or stop the attack. EDR is incredibly valuable because it can detect advanced threats without relying on behavioral patterns or malware signatures like anti-virus software does. EDR can also trigger an adaptive response to a threat (much like your immune system responding to an infection), allowing your system to learn from the situation and adjust its response accordingly. This approach not only helps contain the situation at hand but also helps improve your threat responses moving forward.
… But Also Proactive
In addition to learning from past incidents, good EDR also takes a proactive approach by seeking out new potential threats before they become actual threats. EDR is also able to gather data about the overall health of your network and record network activity. Should an attacker manage to slip past your defenses, this treasure trove of data gathered before, during, and after the attack will prove invaluable for identifying the root cause of the attack so that steps can be taken to improve your security moving forward.
EDR works like a security system, setting off an alarm if a window is broken or a door is forced open in an attempt to scare off the intruder and alert the business owner that something is amiss. Unfortunately, even if the security system alerts the business owner, the owner may not immediately realize something is wrong. After all, she is a busy woman with a business to run. She is also only one person: if the break-in happens while she is asleep or in a meeting, she may not see the alert on her phone until she wakes up or the meeting has ended.
On the other hand, MDR is more like hiring a security guard: You already have an expert on-site, keeping an eye out for any suspicious activity. Should a break-in occur, the security guard can respond right away. That doesn’t mean that alarm systems aren’t useful, but they are more useful if you have a security guard keeping an eye on things as well.
MDR is one piece of the SOCaaS (security operations center as a service) ecosystem, helping create a holistic, turnkey solution to continuously monitor threats across your network.
Good MDR Incorporates EDR
MDR solutions are empowered by EDR solutions, much like how a security guard is better able to perform their job because of an alarm system. MDR analysts and other cybersecurity experts are able to use the data gathered by the EDR system, as well as the abilities it provides, to more easily assess the threat and respond swiftly and appropriately. By leveraging EDR systems, your cybersecurity team can use the data the system has collected to better prioritize threats (such as identifying which users are logged in and which systems and files are being targeted) and move quickly to shut down impacted systems or institute quarantines to contain the threat and minimize or even avoid further damage.
MDR is a particularly effective approach for small and medium-sized organizations, which are less likely to have in-house cybersecurity teams to manage and respond to threats identified by their EDR systems. Many managed security services providers offer a variety of services that can be mixed and matched to suit your needs, whether you are looking to fully outsource your cybersecurity needs or simply augment your existing in-house security team.
Looking to Improve Your Security Posture for 2022? VirtualArmour is Here to Help!
Not everyone is a cybersecurity expert, and that’s okay. No matter your cybersecurity needs, VirtualArmour’s team of experts is always here to help. In addition to MDR, we also offer:
VirtualArmour also offers tailored services on an à la carte basis, allowing you to pick and choose the services your organization requires to create your own premium services package, essential services package, or tailored one-time expert consult. With offices in both Denver, Colorado, and Middlesbrough, England, we are able to offer live, 24/7/365 monitoring as well as industry-leading response times. We have extensive experience working with a variety of highly-specialized industries, including energy, finance, healthcare, and retail, and are well-versed in the unique security and IT challenges faced by service providers.
Unfortunately, constant connectivity is a double-edged sword, bringing both convenience and security concerns that need to be considered and mitigated in order to best safeguard your endpoints and network.
What Exactly is an Endpoint?
An endpoint is a unit at the end of a communication channel that is accessed via a connected network and includes devices, tools, services, applications, and nodes. Traditionally the term endpoint referred to hardware such as modems, routers, host computers, and switches connected to the network.
However, the advent of the Internet of Things has created a world populated by always-on, always-connected endpoints such as smartwatches, smart appliances, smart vehicles, and commercial IoT devices. This shift to continual connectivity poses a variety of cybersecurity challenges that need to be considered.
Whether You Consider Them Endpoints or Not, IoT Devices Pose Serious Security Concerns
Whether you consider IoT devices to be endpoints or not, it is undeniable that unsecured IoT devices pose a security threat. To help safeguard your digital assets (including your network and the data stored on it), you need to be aware of the security vulnerabilities IoT devices introduce to your network so you can make an informed decision about whether or not your organization wants to allow these devices on your network.
This is particularly concerning since most wearable tech devices don’t require a password or PIN or use biometric security features, which means if an attacker is able to physically steal your device, there is nothing keeping them from accessing the personal data on the device or potentially using it as a gateway to infiltrate your network.
The Ability to Capture Photos, Video, & Audio
The always-on nature of these devices means this can happen either with or without your consent, raising serious privacy concerns from both a personal and organization-wide perspective.
Non-Secure, Continuous Wireless Connectivity
Though most of us protect our laptops, smartphones, and tablets with PINs or passwords, wearable devices don’t typically offer this feature, creating unsecured points of entry to your other devices. Much like investing in a high-quality front door lock and then leaving a main floor window open, unsecured endpoints, including IoT devices, present a serious security vulnerability.
A Lack of Encryption
Most of these devices aren’t encrypted, which means your data is left exposed whenever you sync your wearable technology with another device (such as your smartphone) or store it on a manufacturer’s or third party’s cloud server.
Minimal or Non-Existent Regulations Leave Organizations Legally Vulnerable
Most of the security issues posed by wearable devices will need to be addressed by the manufacturers that produce them, which means the legal issue around self-regulation vs. government regulations is an important point to consider. Whether manufacturers self-regulate or fall under the purview of regulatory bodies, companies that suffer a breach because of the security shortcomings of a wearable or other IoT device will likely be held fully accountable from a legal perspective.
These security concerns should give organizations that are considering allowing wearable technology on their networks reason to pause. Though these wearable IoT devices have become commonplace, organizations should carefully consider the security implications of those devices before allowing them to potentially access sensitive company data and may want to consider keeping these devices off their networks until better security features become available.
Though your IoT thermostat and smart refrigerator might seem like odd targets for hackers, like wearable technology, the focus of the attack isn’t necessarily the IoT device itself. Instead, these devices act as a gateway to the rest of your network and the sensitive data stored on it.
Depending on how interconnected your home or workplace is, cybercriminals may be able to use these IoT devices to turn off your security system, access financial or human resources data, or even spy on your family or employees via your security cameras or nanny cam.
Attackers may also target these devices for their computing power alone, using your smart lighting system to mine cryptocurrencies (an attack known as cryptojacking, which we discuss in detail in this educational article).
Hacking someone’s car to cause it to crash may sound like something out of a James Bond movie, but with smart vehicles, this movie trope has become a reality. A recent study by a team of security researchers at the New York University Tandon School of Engineering and George Mason University found that car infotainment systems that are connected via protocols like MirrorLink can be exploited to override safety features.
Other research teams discovered similarly troubling results when looking at Mazda, Volkswagen, and Audi smart cars. This study found that MZD Connect firmware in Mazda’s connected cars can be used to run malicious scripts using a USB flash drive plugged into the car’s dashboard. In response to the research, Mazda put out a disclaimer clearly stating that third parties are not able to carry out remote customizations on their connected cars, but the data suggests otherwise.
Research conducted by Pen Test Partners found that third party car alarms (which often claim to protect against keyless entry attacks) can actually decrease security by allowing cyberattackers to exploit vulnerabilities in the alarms themselves to:
Turn off engines (potentially causing the vehicle to crash)
Send geolocation data to attackers
Allow cybercriminals to learn the car type and owner’s details
Disable the alarm
Unlock the vehicle
Enable and disable the immobilizer
Spy on drivers and passengers via the car’s microphone
These security flaws may make it easier to cause car crashes or steal vehicles, a safety and security nightmare that neither individual car owners nor organizations with corporate fleets want to deal with.
Third-party apps can also introduce security risks, a startling discovery backed by research conducted by Kaspersky. In this study, the research team tested seven of the most popular apps from well-known brands and found that most of the apps allowed unauthorized users to unlock the vehicle’s doors and disable the alarm systems, and none of the apps were secure.
These involve cybercriminals intercepting and possibly altering or preventing communications between two systems. In an industrial IoT setting, this could involve tampering with safety protocols on industrial robots, potentially damaging equipment or injuring workers.
Just like it sounds, device hijacking involves unauthorized parties seizing control of a device. Unlike man-in-the-middle attacks, these types of attacks can be difficult to detect because the device’s basic functionality typically remains unaffected. In industrial and commercial IoT settings, attackers may use a single compromised device to either infect other smart devices on the grid or use the device as a gateway to gain access to more sensitive areas of the network.
DoS, DDoS, & PDoS Attacks
DoS: Denial of service (DoS) attacks are designed to render a device or network resource unavailable (denying service) by temporarily or permanently disrupting services provided by a host machine such as a web server.
DDoS: Distributed denial of service (DDoS) attacks involve flooding the host with incoming traffic from multiple sources (often either a group of attackers or a single attacker controlling a botnet of devices). These types of attacks are incredibly difficult to stop because you will need to block all incoming traffic from all malicious sources, turning your defensive actions into a game of cybersecurity whack-a-mole.
PDoS: Permanent denial of service (PDoS) attacks (also called phlashing) are similar to DoS and DDoS attacks, but the goal is not to cause temporary disruption but instead to damage devices so badly that they need to be replaced or have their hardware reinstalled. An example of this type of attack is the BrickerBot malware, which is coded to exploit hard-coded passwords in IoT devices to cause a permanent denial of service. Attacks like BrickerBot could be used to damage water treatment plants, knock power stations offline, or damage critical factory equipment.
DoS, DDoS, and PDoS attacks can be used to target IoT devices and applications, causing serious disruptions, serious injuries, or permanent damage in both commercial and industrial settings.
Protecting Your Devices (& Yourself) in an Always-Connected World
All of these security concerns may have you tempted to throw out your computer and brush up on your typewriter skills, but there is hope. Here are some steps you can take to manage your IoT device security risks.
Take steps to protect your IoT device security by ensuring all IoT devices are fully under the owner’s control at all times and are not being exploited by unauthorized users to access your network or harness devices for a botnet or other illegal activities. To do this, make sure you have protocols in place to actively monitor all IoT devices and look for signs of tampering.
Safeguard your organization’s data by taking steps to ensure that all data generated by IoT devices is not exposed or altered when stored on devices, transferred around the network, or transmitted to cloud-based services (including cloud networks owned by either the device’s manufacturer or provided by third-party cloud companies).
Take steps to safeguard individuals’ privacy and organizational privacy by putting alerts in place that will notify you if private or sensitive information is being captured or generated by IoT devices. If that data must be collected, make sure you know where that data is going, how it is being stored, and what it is being used for. This will not only help safeguard your organization’s data but, depending on your industry or vertical, may be required by legislation such as GDPR, PCI, or HIPAA.
Are you considering incorporating IoT devices in your workplace? The VirtualArmour team is here to help you assess the risks and create flexible yet robust security protocols to help safeguard your organization, your workers, and your data and develop a cybersecurity incident response program tailored to meet your organization’s unique needs. For more information, or to start updating your security posture, please contact our team today.
The holidays may be a time for spending time with loved ones and exchanging gifts, but the gifts cybercriminals bring aren’t jolly at all. 2020 has been a rough year, and many organizations have felt the strain, particularly when it comes to cybersecurity and adapting to the changing tactics cybercriminals are employing.
This year, give your organization the gift of a good cybersecurity posture by taking steps to safeguard your digital assets.
The Cybercrime Pear Tree: How the Sudden Shift to Remote Work Has Changed the Workplace Landscape
The sudden pivot to remote work earlier this year left many organizations scrambling to continue daily operations and minimize disruption, which means cybersecurity may have fallen down your list of priorities. 2020 saw an increase in the number of cyberattacks and brought with it new attack surfaces. Paired with a distracted workforce and unanticipated staffing shortages in a multi-stress environment, 2020 created very favorable conditions for cybercriminals that are likely to continue into 2021.
The continued shift to remote work has meant that many organizations are relying on new and unfamiliar infrastructure and processes to continue daily operations. This lack of familiarity and the artificially accelerated shift to remote work means your team may not know about existing vulnerabilities in the software they are using to do their jobs. Cybercriminals are continually exploiting existing vulnerabilities in remote work technologies, so you need to ensure all software used has undergone a security audit.
However, even if your organization has thoroughly vetted all new technologies and processes, you can’t be certain that your business partners, vendors, and other third parties have been as studious, which means you need to be extra vigilant and may need to take additional steps to minimize risk to your organization.
The Human Factor
The pandemic has taken an emotional toll as well, leaving workers distracted and stressed. Personal and financial stressors leave workers more vulnerable to social engineering attacks, and remote workers may not be as vigilant about their cybersecurity posture at home as your internal security team is at the office.
As more workers call in sick or need to take time off or reduce the number of hours they are available to care for dependents or relatives, many organizations are facing unanticipated staffing shortages. At the same time, while many workers used to find working from home increased their productivity, the forced isolation, limited privacy, loneliness, and new demands brought by the pandemic have decreased productivity dramatically.
In the United States, recent data suggests productivity among professional and office workers is down 11%, and manual service and industrial workers are, on average, 17% less productive. In-house security teams have been particularly hard hit as they are forced to operate in an environment where they now face multiple crises on various fronts at any one time, each of which demands significant attention from both management and security teams. Securing a remote workforce is also more difficult than securing an on-site workforce, further adding to security workloads.
The Digital Partridges: Threats to Guard Against
Phishing Attacks Leveraging Video Conferencing Software
Many cybercriminals have begun to leverage video conferencing software such as Zoom and Skype to launch phishing campaigns. Criminals create phishing emails made to look like legitimate pending notification emails coming from Skype, Zoom, or a similar platform. When users click on the link in the email, they are asked for their username and password, which are then harvested by unauthorized users for criminal purposes.
Since social engineering attacks often rely heavily on email or other communication types such as phone calls or text messages, remote work environments are particularly vulnerable to this type of attack as users trade in-person meetings for phone calls, video conferencing calls, and text-based forms of communication.
Social engineering plays on two main factors: our innate desire to help others and emotions such as fear, urgency, or other forms of psychological distress. Cybercriminals trick or scare users into opening malicious files, clicking on malicious links, or revealing sensitive information. A sense of urgency prompts users to act quickly before they have had a chance to properly weigh the request and consider it rationally. By the time users or their superiors realize something fishy is going on, it may already be too late.
Protecting Your Presents: Steps Your Organization Can Take to Safeguard Your Digital Assets
Adjust Your Cybersecurity Strategy
Most cybersecurity strategies were developed with on-site workers in mind, so it is vital to review your cybersecurity strategy in light of remote work and adjust accordingly. You should already be reviewing your security practices at least once per year, but if your next scheduled review isn’t for a while, it might be a good idea to add an additional review to your list of New Year’s Resolutions.
You should also make sure you have a robust yet flexible cybersecurity incident response program in place. If you don’t already, you may want to consider drafting one as soon as possible. You should also review your incident response program and ensure that it takes remote workers into account and is still able to meet your organization’s security needs.
Secure Your Endpoints
An endpoint refers to any device such as a computer or mobile phone that can be used to access your network. While all the endpoints in your physical office may already be secure, you need to ensure that any home devices being used to access your network meet your security standards. Organizations that rely on BYOD (Bring Your Own Device) policies are particularly vulnerable to cybersecurity attacks since organizations don’t have direct and complete control over how those devices are being used, what other programs are installed on them, and other factors that may compromise your network’s security and leave your digital assets vulnerable.
Regular Cybersecurity Training: The Gift that Keeps On Giving
This holiday season, consider giving your workers the gift of cybersecurity training. All employees, from the lowest ranking intern up to the CEO, should receive cybersecurity training as part of their onboarding process and undergo regular refresher training.
The sudden pivot to remote work has likely affected how workers complete their daily tasks, so you should consider adjusting your current cybersecurity training program to account for these changes. You should also make sure that, as part of this training, you explain to workers why certain steps, procedures, and policies are important and how they contribute to the overall security of your company. When workers understand the “why” behind the “what,” they are more likely to see the value in additional steps and make sure to take them.
Run More Exercises
Exercises such as pen (penetration) tests and tabletop exercises are incredibly valuable.
Pen tests involve hiring an ethical hacker to stress-test your network and look for vulnerabilities. Your team can then use the insight gained by the hacker to improve your overall security. Running a pen test on your network, with a focus on any new software your remote workers are using, can help ensure that your organization isn’t left vulnerable.
Tabletop exercises act like cybersecurity fire drills: workers are given a hypothetical scenario (such as a hack or data breach) and tasked with responding to it effectively. Tabletop exercises allow workers to apply the knowledge they gain in cybersecurity training in a no-risk environment. Once the scenario is complete, you and your team can sit down and review your response’s efficacy and identify any gaps or problems that need to be addressed.
Should you experience a breach or hack, our team can help you fend off the attack, identify the root cause of the issue, and identify steps you can take to mitigate or even avoid damage and create concrete plans to help you prevent similar attacks going forward. To learn more about the cybersecurity threats 2021 is likely to bring, and what steps you can take to safeguard against them, please contact our team today.
Traveling is stressful, even when things go smoothly. Your routine is disrupted, you are in an unfamiliar place, and there is a good chance you are not as well-rested as usual. This can make you less vigilant about your cybersecurity, and if you don’t speak the local language, you may have trouble getting the information you need to make an informed decision. These factors mean that semi-public places such as airports are also a hacker’s best friend. When you are focused on making your connecting flight, figuring out what happened to your luggage, or trying to determine where your new gate is, your usual cybersecurity best practices may no longer be top-of-mind, and hackers and other cybercriminals will try to take advantage of this.
Airports, in particular, offer a false sense of security. After all, you had to be processed by security before entering, so logically an airport would be safer than other public places such as shopping malls or bus depots where just anyone can walk in. However, while airport security is concerned about cybersecurity, their main focus is protecting the airport and airlines from external threats. As such, cybercriminals may be able to operate undetected within the secure area of the airport and take advantage of the chaos of traveling to snare unsuspecting victims. USB charging ports and free wifi are two common traps that too many travelers fall for.
Free Airport Wifi
While unlimited data plans are becoming more affordable, and more common, most of us still have a cap in place. As such, free wifi can seem like an oasis in the desert. However, while you may be tempted to connect to that “Free Airport Wifi” network, how do you actually know that network is safe? If you don’t know, with absolute certainty, that a publicly accessible network is safe, the best course of action is to avoid connecting to it. A good mantra to follow in this situation is “when in doubt, go without”. If you encounter anything suspicious in an airport, including a suspicious wifi network, you should alert airport security.
USB Charging Ports
More than one traveler has realized at the most inconvenient time that their phone or laptop is about to die. Whether you need to finish that report for your boss before you land, or just want to keep your kids entertained with the iPad, a dead battery can quickly turn a smooth travel experience into a rocky one. To help travelers top up their batteries, many airports offer USB charging stations. Though you may assume it is safe to connect to these, you should be extremely wary. Hackers can and do modify chargers to log your keystrokes and steal sensitive information (including passwords) off of your phone, tablet, or laptop while it charges. While older digital devices that rely solely on power-only connections are not at risk, owners of newer models that rely on a single USB port for both charging and data transfer should avoid public USB charging ports. After all, it would be better to have to explain to your boss why you couldn’t finish that report than explain how the sensitive company information on your laptop came to be compromised, potentially exposing the entire organization to DNS spoofing or malware such as ransomware.
What You Can Do to Protect Yourself
The best thing you can do to protect yourself against cyber threats is to remain vigilant, and follow a few easy, yet highly effective, strategies.
Create a Strong Password
A strong password is necessary whether you are traveling or not, but you should be extra vigilant while in unfamiliar territory. Choosing a password that follows the NIST (National Institute of Standards and Technology) guidelines is a good place to start: Passwords should be no shorter than eight characters, avoid sequential or repetitive characters (such as 12345 or AAAAA), avoid context-specific passwords (such as passwords that include the name of the site or your name) and avoid common passwords (such as “password”). You may also want to consider investing in a subscription to a password manager, which can help you create and store long and complex passwords that are more difficult to crack.
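The four checks listed above can be applied mechanically when a password is chosen. The following is an added example, not code from the original article or from NIST; the run-length threshold, the short blocklist, and the function names are assumptions made for illustration.

```python
import unicodedata

# Constructed sample blocklist; a real deployment would load a large list of
# commonly used or previously breached passwords instead.
COMMON_PASSWORDS = {"password", "letmein123", "qwertyuiop", "iloveyou1"}

MIN_LENGTH = 8   # "no shorter than eight characters"
MAX_RUN = 4      # assumed threshold: flag 4+ sequential or repeated characters


def _longest_runs(text):
    """Return (longest repeated run, longest ascending/descending run)."""
    if not text:
        return 0, 0
    best_rep = best_seq = 1
    rep, seq, direction = 1, 1, 0
    for prev, cur in zip(text, text[1:]):
        step = ord(cur) - ord(prev)
        # Same character again extends a repetition such as "AAAAA".
        rep = rep + 1 if step == 0 else 1
        # A step of +1 or -1 extends a sequence such as "12345" or "dcba".
        if step in (1, -1):
            seq = seq + 1 if step == direction else 2
            direction = step
        else:
            seq, direction = 1, 0
        best_rep = max(best_rep, rep)
        best_seq = max(best_seq, seq)
    return best_rep, best_seq


def check_password(password, context_words=()):
    """Return the list of rules the password breaks; an empty list means it passes.

    context_words holds strings tied to the account, such as the site name
    or the user's name, which should not appear inside the password.
    """
    problems = []
    normalized = unicodedata.normalize("NFKC", password)
    lowered = normalized.casefold()

    if len(normalized) < MIN_LENGTH:
        problems.append("too_short")

    rep, seq = _longest_runs(lowered)
    if rep >= MAX_RUN:
        problems.append("repetitive")
    if seq >= MAX_RUN:
        problems.append("sequential")

    for word in context_words:
        token = word.casefold().strip()
        # Ignore very short tokens to avoid flagging incidental matches.
        if len(token) >= 3 and token in lowered:
            problems.append("context_specific")
            break

    if lowered in COMMON_PASSWORDS:
        problems.append("common")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = [
        ("12345", ()),
        ("AAAAAAAA", ()),
        ("password", ()),
        ("VirtualArmour2024!", ("VirtualArmour", "alice")),
        ("correct horse battery staple", ("examplebank", "alice")),
    ]
    for pw, ctx in samples:
        print(f"{pw!r:32} -> {check_password(pw, ctx) or 'ok'}")
```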
Use Your Hotspot
If you really need internet access for your laptop or a tablet that does not have its own data plan, you should tether to your phone instead of relying on free wifi.
Disable Auto Connect
When you are away from home or the office you should disable auto-connect on your phone. This will help prevent you from inadvertently connecting to suspicious and potentially compromised wifi networks.
Invest in a Battery-Powered Charger
To avoid having to rely on potentially compromised USB charging stations, you should invest in a good battery-powered charger. These chargers can often charge your phone or even your laptop multiple times before they require recharging, and can help ensure your journey is safe and smooth.
Keep Your Software Up to Date
When companies discover vulnerabilities in their software, they release patches to fix them, but you can only take advantage of the fix if you download the patch. Make sure your software (including both your operating system and individual apps) is fully up to date before you leave home. Recently patched software is also a target for cybercriminals, who know that not everyone will be vigilant about downloading the patch right away. This means that cybercriminals will specifically try and exploit recently patched cybersecurity holes in the hopes of gaining access to private and sensitive information.
Disable Unnecessary Connectivity
Your Bluetooth connection and hotspot should only be active if you are currently using them. Turning off your Bluetooth and hotspot when they aren’t in use helps ensure that your digital devices remain secure by cutting off potential paths that cybercriminals can use to gain unauthorized access.
Keep an Eye Out for Unusual Activity
Avoid using your debit card while traveling, and stick to cash for smaller purchases and credit cards for larger ones. Credit card companies provide fraud protection, which means that if you are compromised, you are much less likely to be on the hook for unauthorized purchases. While cash is ultimately the safest form of payment from a cybersecurity perspective, carrying large quantities of cash comes with its own safety hazards. You should check your credit card statements regularly while traveling, and keep an eye out for any suspicious transactions. If you do discover something fishy, you should report the suspicious activity to your credit card company right away. Suspicious activity may necessitate freezing your card, which is why you should have enough cash on hand to cover any emergencies. Your credit card company will also be able to advise you on the next steps if you have been compromised.
Whenever you visit a website, particularly one you have not visited before, you should keep an eye out for a few red flags that may indicate the site is malicious. You should always be extra vigilant when visiting your bank’s website, your email, or any other site that requires you to enter sensitive information. Poor grammar and spelling may indicate that the site is not entirely above board, and misspelled company names (particularly in the URL) are a huge red flag. Cybercriminals know that humans make mistakes, and a transposed or missed letter could land you on a site that looks like your bank’s website but isn’t (a common form of phishing). If you don’t catch this ruse before you enter your credit card information, password, or other personal information, you may have just inadvertently handed over sensitive information to cybercriminals.
When visiting a website, take a moment to look at the URL. To the left of the URL, there should be a little padlock. This padlock indicates that your connection is encrypted, meaning that any information you enter onto the website will go directly to the intended recipient. This prevents man-in-the-middle attacks, which are used by cybercriminals to exploit weaknesses in websites and intercept their traffic, including your personal information and passwords. While some web browsers may flash a warning on the screen when you attempt to go to an unsecured site, this is not always the case, so it is up to you to ensure that if you do stumble upon a suspicious site, you exit it as soon as possible.
These simple, yet effective, strategies can help you safeguard your personal information against cybercriminals both while traveling and while at home.
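The two URL checks described above (a hostname that is a transposed or missing letter away from a site you trust, and whether the connection is encrypted) can be automated for a list of sites you use. This is an added example, not part of the original article; the trusted hostnames, the distance threshold, and the function names are constructed assumptions, and the comparison is on whole hostnames only.

```python
from urllib.parse import urlsplit

# Constructed allowlist of hostnames the user actually does business with.
TRUSTED_HOSTS = {"examplebank.com", "mail.example.org"}


def osa_distance(a, b):
    """Optimal string alignment distance.

    Counts the insertions, deletions, substitutions and adjacent
    transpositions needed to turn a into b, so both a "missed letter"
    and a "transposed letter" cost 1.
    """
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(
                d[i - 1][j] + 1,         # deletion
                d[i][j - 1] + 1,         # insertion
                d[i - 1][j - 1] + cost,  # substitution or match
            )
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[rows - 1][cols - 1]


def classify_url(url, trusted=TRUSTED_HOSTS, max_distance=2):
    """Classify a URL as trusted, lookalike or unknown, and report encryption.

    A lookalike served over https still shows a padlock, so the two
    results are reported separately.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    result = {
        "host": host,
        "encrypted": parts.scheme == "https",
        "verdict": "unknown",
        "resembles": None,
    }
    if host in trusted:
        result["verdict"] = "trusted"
        return result
    for good in sorted(trusted):
        if 0 < osa_distance(host, good) <= max_distance:
            result["verdict"] = "lookalike"
            result["resembles"] = good
            break
    return result


if __name__ == "__main__":
    # Constructed sample URLs.
    for sample in (
        "https://www.examplebank.com/login",
        "https://exampelbank.com/login",   # transposed letters
        "http://examplbank.com/login",     # missing letter, no encryption
        "https://weather.example.net/",
    ):
        print(sample, "->", classify_url(sample))
```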
If your line of work involves a lot of business travel, your company may want to consider talking to its MSSP (Managed Security Service Provider) about infrastructure changes (such as virtual private networks) and employee training that can help ensure sensitive information remains secure when employees need to work remotely. By remaining vigilant and avoiding activities that could leave your digital devices exposed, you can help ensure that the only unexpected bumps on your trip come from airplane turbulence. Bon voyage!
On the surface, a Bring Your Own Device (BYOD) policy seems like a great business move. By allowing employees to use their own devices, such as laptops, smartphones, and tablets, companies can save money and increase productivity. However, securing your network in a BYOD environment poses unique challenges from both a cybersecurity and a privacy standpoint. If you don’t address these risks properly, you could be leaving your company, and its data, vulnerable. This guide is designed to help your company smoothly transition to a corporate BYOD policy.
When you allow your employees to access corporate data using their own devices from anywhere, it increases the possibility that your data may be leaked. Mobile devices are the weakest link when it comes to network security because they are the most susceptible to attacks. Mobile phones and tablets require constant patch updates to close security loopholes, and even a single missed patch can leave your company, and its data, vulnerable.
Increased Exposure to Vulnerabilities
Due to the nature of BYOD, companies have minimal control over any corporate data either stored on employee devices or accessed via employee devices. If an employee forgets to install a security update, connects to a suspicious Wi-Fi network, or loses their phone, it could put your data at risk.
The Mixing of Corporate and Personal Data
Having employees use their own devices for work makes it difficult to distinguish between personal data and corporate data. If the device is lost or stolen, corporate data can be put at risk. Allowing these two different types of data to mix can also pose significant privacy concerns, especially if an employee leaves the company.
Increased Chances of Malware Infection
Not everyone is as careful with their devices as they should be. If an employee unknowingly installs malware onto their device, which is connected to the rest of your company’s network, they might end up spreading the malware to other devices. Depending on the nature of the malware, your employee may unwittingly install keylogging software, which would allow unauthorized users to learn your employee’s usernames and passwords. This obviously poses a huge security risk, since unauthorized users could use that information to gain access to sensitive or private corporate data.
Increased IT Infrastructure
When a company switches to a BYOD policy, the IT department will need to rework its existing infrastructure to accommodate a variety of personal devices. Most companies end up investing a lot of time, energy, and other resources to make sure that BYOD policies are compliant with existing security and privacy policies. You need to make sure things are done correctly to avoid having to divert more time and resources to fix problems created by a poorly implemented BYOD policy.
How to Protect Your Network While Using a BYOD Policy
BYOD can complicate your cybersecurity needs, but that doesn’t mean it is a bad idea. To help ensure your network stays secure, here are some steps you should take and some policies you should consider implementing.
Conduct an IT Audit Before Enacting BYOD
Before you begin implementing a BYOD policy, you should conduct a thorough audit of your current IT infrastructure and policies. That way you can address any potential cybersecurity gaps, problems, or conflicts with your existing IT protocols before you begin. This will not only make the changeover go more smoothly, but it will also help you ensure that you aren’t inadvertently exposing sensitive information or creating a gap in your cybersecurity when you begin to change things.
Not everyone needs access to everything. To help keep your network secure, you should add role-based access. That means that how much access each employee is granted is tied to their role, and their access is limited to only the systems and information their job requires. You can also restrict access on a profile basis, which will limit who is allowed to access your systems remotely and allow you to restrict some applications or filesharing to within your internal office network. This will not only improve your cybersecurity but will also make it easier for you to audit and monitor your data and better control a leak should one occur.
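One way to express the role-based and profile-based restrictions described above, as an added example that is not part of the original article. The roles, resources and office address range are constructed placeholders, and the decision is deny-by-default with a reason attached so each outcome can be logged and audited.

```python
import ipaddress

# Constructed policy: roles, resources and the office range are placeholders.
OFFICE_NET = ipaddress.ip_network("10.20.0.0/16")
ROLE_GRANTS = {
    "sales":   {"crm"},
    "finance": {"crm", "ledger"},
    "it":      {"crm", "ledger", "fileshare"},
}
REMOTE_ROLES = {"sales", "it"}          # profiles allowed to connect remotely
OFFICE_ONLY = {"ledger", "fileshare"}   # never served outside the office network


def authorize(role: str, resource: str, source_ip: str):
    """Deny by default; return (allowed, reason) so every decision can be logged."""
    # Role check first: the job decides which systems are reachable at all.
    if resource not in ROLE_GRANTS.get(role, set()):
        return (False, "role not granted resource")
    try:
        on_site = ipaddress.ip_address(source_ip) in OFFICE_NET
    except ValueError:
        return (False, "invalid source address")
    if on_site:
        return (True, "on-site")
    # Remote connection: apply the profile restrictions on top of the role.
    if role not in REMOTE_ROLES:
        return (False, "role may not connect remotely")
    if resource in OFFICE_ONLY:
        return (False, "resource restricted to office network")
    return (True, "remote")
```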
Require Two-Factor Authentication for Mobile Access
Both passwords and physical devices can be stolen, which is why many companies are enacting two-factor authentication processes for employees who need to access the network remotely. Two-factor authentication requires employees to use two different pieces of information to confirm their identities. Most two-factor authentication systems pair a strong password with a second factor such as a text message confirmation, a hardware element, or something else. For example, if an employee tries to log in using a two-factor authentication method from their laptop, they may be prompted to first enter their password and then send themselves a “push”. The push is generated by an app, and in order to log in, the employee must acknowledge the push using their mobile phone before access is granted.
Install Mobile Device Management Technology
One of the biggest problems with BYOD is that because employees use their personal devices for both work-related and personal purposes, corporate data and personal data can become intertwined. Installing Mobile Device Management (MDM) technology on all devices used for work helps you, and your employees, keep personal and corporate data separate. It also allows you to remotely access and remove corporate data from employee devices while keeping employee data private. This not only provides your company with stronger control over corporate data but also helps shield you from legal problems associated with accessing employees’ private information.
Enact Network Access Controls
A lot of data leaks are the result of poorly patched software. When software companies discover vulnerabilities in their programs, they issue patches to fix them. However, patches are only useful if they are installed. Unpatched and out-of-date software is vulnerable to cybersecurity attacks because unscrupulous individuals now know exactly what vulnerabilities they can exploit to potentially gain unauthorized access. By incorporating Network Access Control (NAC), you can ensure that all devices that connect to your network are up to date on their software, including anti-virus software. Devices that are not up to date are denied network access until they are updated.
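The admission rule described above (up-to-date software and anti-virus, or no network access), as an added example that is not part of the original article and not any NAC product’s own logic. The minimum versions, the seven-day definition age and the `Posture` fields are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed policy: minimum OS version per platform and maximum age of
# anti-virus definitions. All values are placeholders, not vendor data.
MIN_OS = {"android": (14, 0, 0), "ios": (17, 4, 0), "windows": (10, 0, 22631)}
MAX_AV_AGE_DAYS = 7


@dataclass
class Posture:
    device_id: str
    platform: str
    os_version: str                  # dotted string reported by the device
    av_definitions: Optional[date]   # None when no anti-virus is reported


def parse_version(text: str):
    """Turn "17.4" into (17, 4, 0) so versions compare numerically, not as text."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def admit(p: Posture, today: date):
    """Return (decision, reasons). Any failed check quarantines the device."""
    reasons = []
    minimum = MIN_OS.get(p.platform)
    if minimum is None:
        reasons.append(f"unsupported platform {p.platform!r}")
    else:
        try:
            if parse_version(p.os_version) < minimum:
                reasons.append(f"OS {p.os_version} below required "
                               + ".".join(map(str, minimum)))
        except ValueError:
            # An unreadable version is treated as a failure, never as a pass.
            reasons.append(f"unparseable OS version {p.os_version!r}")
    if p.av_definitions is None:
        reasons.append("no anti-virus reported")
    elif (today - p.av_definitions).days > MAX_AV_AGE_DAYS:
        reasons.append("anti-virus definitions out of date")
    return ("allow" if not reasons else "quarantine", reasons)
```

Comparing versions as integer tuples matters here: as plain strings, "17.10" would sort below "17.4" and a fully patched device would be refused.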
Protect Your Endpoints
Endpoint protection involves using security programs that scan all devices requesting access to your network. This software then identifies any devices that may be infected with malware or other viruses and denies them access. This not only protects your internal network but also helps safeguard other company technology assets and other employee devices.
Require Strong Passwords
One of the simplest things you can do to improve your company’s cybersecurity is require employees to use strong passwords. NIST (the National Institute of Standards and Technology) offers comprehensive password guidelines in its section on Memorized Secret Authenticators.
Require Immediate Notification for Lost or Stolen Devices
In a BYOD environment, employees’ personal devices are not only connected to your network but may also have corporate data stored on them. Therefore, if an employee’s device is lost or stolen, your company should be informed immediately so that you can take proactive measures to protect your corporate data. You should have clear-cut policies in place that require employees to report lost or stolen devices, and make sure that all employees understand that this is the case.
Use Device Locator and Remote Wiping Services
Should a device be lost or stolen, you should have protocols in place for safeguarding the data stored on the device. A device locator service (such as Find My iPhone) can help you and your employees locate lost devices. However, if the device is stolen, you may need to consider wiping it so that unauthorized users cannot use the device to access corporate data. Remote wiping services can help you remove corporate data from employee devices that may have fallen into unscrupulous hands.
Create a Policy for Exiting Employees
Ending a working relationship with an employee is never pleasant, but that doesn’t mean that you don’t need to be prepared for that eventuality. You need to have clear and robust policies in place for removing corporate data and access to your network from the personal devices of exiting employees. All employees should be aware of those policies, and when an employee exits, those policies should be enacted as soon as possible.
A BYOD policy is a great way to reduce costs and increase employee productivity, but if it isn’t implemented correctly, it can cause headaches and leave your corporate data vulnerable. Not everyone is a cybersecurity expert, and many businesses don’t have the resources to create a full-time, in-house cybersecurity team. That is where Managed Security Service Providers (MSSPs) come in. MSSPs can provide your company with protection and monitoring 24/7/365 and help you mitigate damage should a cybersecurity event occur.