In our last blog, we talked about why office cyber security is no more of an issue now that employees are returning to the workplace than it was before the pandemic. As we discussed in that blog, phishing, ransomware, and other cybercriminal activities caused significant cyber security risks for businesses before the pandemic, and they continue to do so now.
In this blog, Part 2 of our series about cyber security risk management when returning to the workplace, we will talk about Bring Your Own Device (BYOD) policies and how employee personal devices and habits impact your overall IT security.
TL;DR: There’s a high likelihood employees will be using their personal devices to complete more work tasks now. Make sure you at least know what devices are accessing your network, so you can secure your data. Learn more.
Employees have been using personal devices for years in the workplace, and they have always been a security risk. Right now, they pose slightly more of a cyber security risk for businesses like yours because:
In short: Your employees may have developed a preference or dependence on their own devices, cybercriminals are actively looking to leverage those devices, and you may not have the ability to replace personal devices with company-owned and managed ones.
It’s bad news, folks.
Luckily, it’s the tech world, so nothing is ever all gloom and doom. There are fixes for everything – and they usually tend to be pretty easy to accomplish.
To keep your business data safe from potentially compromised employee-owned devices, we recommend that you:
Note that this requires clear and kind training for your employees, so they understand how to update their devices. Also, this can be nearly impossible to enforce without a Mobile Device Management (MDM) and Mobile Application Management (MAM) solution like Microsoft Intune.
Intune is unobtrusive and creates a secure, segmented environment that requires authentication for your data on employee-enrolled devices. Learn more about Intune here – it’s a killer tool for managing WFH or on-the-go employees.
Perhaps your employees will be using a work computer and a personal device in a hybrid WFH situation. In this case, they will need to share data between these devices. Sharing data improperly creates huge cyber security risks for businesses.
Unfortunately, it is disturbingly easy to infect an entire network through a single infected USB drive, and cybercriminals can use that knowledge to break into a system. In one study, IT security researchers found that 48% of people plugged in USB drives that they randomly found in a parking lot. Of those, only 16% bothered to run an antivirus scan on the drives – ouch.
Instead of inviting trouble into your network, proactively prevent cyber security risks by reminding employees about the correct protocols for sharing information, such as through Microsoft Teams. While you’re at it, make sure you remind employees that email and personal Dropbox accounts are also not secure or acceptable ways to sync company data.
We touched on this tip in our last article when we mentioned that employee-owned or long-dormant company-owned technology would likely have outdated security patching that needs to be updated. While updating those potentially compromised (or easily compromise-able) devices, it is a smart idea to segment them away from your company’s critical data.
In addition, implementing Managed Detection and Response (MDR) or Endpoint Detection and Response (EDR) solutions can help you identify what devices are trying to access your network and when. These solutions can automatically quarantine or block unapproved device access while providing you with clear insight into what personal devices employees are trying to use in the office.
Once you know what’s going on, you can follow up with employees about their device habits and require them to update and patch their tech. Simply patching and updating all devices significantly reduces cyber security risks for businesses.
One of the best ways you can secure your business network from unsecured or otherwise suspicious personal devices inside and outside the office is to create a Zero Trust Network. Whereas a firewall creates a security moat around your office and assumes everything inside your office is safe, a Zero Trust Network creates a secure perimeter around specific business data, requiring that even the devices inside your office be required to authenticate to access secure data.
We explain more about Zero Trust Networks here, but that is just one example of a tactic that managed IT services companies use to proactively protect your data inside and outside the office, on every device.
Learn about how you can manage IT security post-COVID in our next post…
For 20 years, the friendly and knowledgeable team at Interplay in Seattle has helped business leaders across a range of industries get more out of their tech, stress free. Not only are we always (and we mean always) happy to offer the best managed IT services, support, and advice, we’re also the team you can trust for the best cocktail recommendations here in Seattle or in Disney World – we’re versatile! All humor aside though, we’d love to help you get your IT running smoothly and securely, around the clock.