If any of those delights happen to be mobile devices like swanky iPhones or tablet computers, you or your colleagues may be tempted to use them to their fullest capability and swap out work-issued devices, which might not be quite as impressive as the Santa gift. Before anyone does that, they need to check their organisation’s policy on Bring Your Own Device (BYOD) so that they know precisely what they need to do in order to be compliant and secure, not only for the business but for themselves.
If you are the Information Security Officer (ISO), now might be a good time to start reminding staff about this policy and finding ways of making sure you have really embedded the organisation’s response and posture on BYOD. Many businesses will be starting to close down for the festive period and not all will return at the same point, so make sure new devices that you were not aware of, or that have not gone through the appropriate security process, don’t suddenly start popping up on the network.
If you are a user, then it’s worth reminding yourself why we have these policies in organisations. According to a study by RiskIQ, by 2013, more than 42,000 apps in Google’s store contained spyware and information-stealing Trojan programs. This is up from 11k in 2011. We have to know what is sitting on or accessing our networks; the permissions required by some apps, even the legitimate ones, are pretty comprehensive and invasive. BYOD policies should cover this as well as standard anti-malware requirements.
It’s also worth noting that some devices are actually built insecurely; gaping back-doors are a feature in Xiaomi and Star9500 smartphones, for instance, and I am sure these are not the only ones. (See Hacker News.) So the user may not be aware of what a risk they are to your network before they download a single app.
So BYOD policy should include a Santa Clause, and everyone who connects to the network needs to understand, agree to and abide by it... the naughty list awaits next year for those who don’t...
pictures courtesy of freedigitalphotos.net