Get Cyber Streetwise: How BYOD Could Expose Your Business To Internet Threats


If your employees walked in through your reception door with mud all over the soles of their shoes and then walked that mud into the carpet … all the way up the corridor – you’d probably have a word or two with them.

In the age of BYOD (Bring Your Own Device) your employees are now using their own gadgets to walk through your company’s IT network and some of them are not wiping their feet.

A mind-boggling 11 million internet-enabled devices were given and received as Christmas gifts throughout the UK this year and, as we’ve discussed in previous Stoneseed blogs, your employees don’t want to turn them off when work starts. BYOD is rising fast and now experts are emphasising the importance of security and urging businesses to take the threat of cyber criminals seriously.

Perhaps it’s time that you put a bristly doormat at the entrance to your IT network, but be careful to whom you extend the “Welcome”.

In the UK, the government has launched a campaign which aims to arm you, your employees and your business with the knowledge and skills to take control of your cyber security.

It’s called “Cyber Streetwise” and its timing is impeccable.

Cyber criminals are now focussing more attention on SMEs. The small to medium enterprise market has some low-hanging fruit for hackers because, astoundingly, many small firms’ internet security is painfully lacking, and many of those that have addressed this are then leaving themselves open by not having proper BYOD governance in place.

BYOD, the phenomenon where employees carry out work for you using the same gadget that they use to surf the net whilst watching Coronation Street at home or “Like” what their long lost school friend is having for tea, is catching on fast. Very fast. It’s a perfect storm of your people using tech that they know inside out, are keen to learn how to use fully and, best of all, that you don’t have to pay for or train them to use. But how safe are your networks in these times of BYOD? Well, let’s take a look at your staff’s muddy boots.

The government’s most recent National Cyber Security Consumer Tracker survey makes interesting but alarming reading.

Of 22,762 consumers questioned…

  • Less than half (just 44%) always install internet security software on new equipment. You have to be across this. In the age of BYOD you simply MUST be certain that employees’ tech is compliant with your company’s internet security before you allow them to access your network.
  • Then more than six out of ten are not downloading updates and patches for their PC when prompted. That only 37% DO download updates and patches for personal computers when prompted is cause for concern, but it gets worse because it falls to 21% for smart phones and mobile devices. Insist that they are keeping their OS and security up to date or it could be you that pays the price of a security breach.
  • Only 30% are in the habit of using complex passwords to protect online accounts. 70% of users are logging in with passwords that are easy to crack. One large UK public sector organisation, itself recently hacked, has a system that insists on regular scheduled password changes. Great idea that, except at least one of its employees uses the word “PASSWORD” with a number at the end that increases each time the system prompts him to change, “PASSWORD1”, “PASSWORD2”, “PASSWORD3” and so on. This particular accident waiting to happen is now on “PASSWORD47”.
  • The password thing is so BASIC it’s perhaps surprising that the government needs a campaign to hammer it home and yet you would be amazed at the number of employees using incredibly weak passwords to access your company information. Make sure that they use uppercase and lowercase letters, numbers and where possible special characters, make sure they are unique to them, memorable, and change them regularly.
  • Only 4 out of 10 check websites are secure before they make online purchases. 57% do not always check websites are secure before keying in their credit card details. BYOD’s great but it does have the potential to expose your network to cyber attack from anywhere that your employees have been.
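
The “PASSWORD47” habit described above can be caught when the password is changed. The following is an added example, not code from the article or from Cyber Streetwise: it rejects a new password that shares its stem with the old one. The function names, `MIN_LENGTH` and the denylist are assumptions, and it assumes the change form supplies the current password so nothing has to be stored in cleartext.

```python
import re

# Assumed policy values for illustration; neither comes from the article.
MIN_LENGTH = 10
COMMON_BASES = {"password", "welcome", "letmein", "qwerty"}  # constructed denylist

# Undo common character substitutions so "P@ssw0rd" and "password" compare equal.
_SUBSTITUTIONS = str.maketrans("013457@$!", "oleastasi")


def base_word(password):
    """Return the stem of a password: lowercased, trailing digits/symbols
    removed, simple substitutions reversed."""
    stem = re.sub(r"[^a-z]+$", "", password.lower())
    return stem.translate(_SUBSTITUTIONS)


def check_password_change(old, new):
    """Return the list of reasons to reject `new`; an empty list means accept."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too short")
    if not (re.search(r"[a-z]", new) and re.search(r"[A-Z]", new)
            and re.search(r"\d", new)):
        problems.append("needs uppercase, lowercase and a number")
    stem = base_word(new)
    if stem in COMMON_BASES:
        problems.append("common base word")
    # Catches PASSWORD46 -> PASSWORD47: only the counter changed.
    if stem and stem == base_word(old):
        problems.append("same stem as previous password")
    return problems


if __name__ == "__main__":
    # Constructed sample pairs (current password, proposed password).
    for old, new in [("PASSWORD46", "PASSWORD47"),
                     ("Summer2013!", "Summ3r2014!"),
                     ("Tr0ub4dor&3x", "Granite-Kettle-29")]:
        print(new, "->", check_password_change(old, new) or "accepted")
```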

It’s little wonder that “ethical hacking” is tipped to be one of the highest paid jobs of the future. You pay someone to hack into your system to highlight your weaknesses and it is easier than you’d imagine. One “ethical hacker” was able to gain commercially sensitive information last year by setting a spoof social media profile and targeting a firm’s employees and senior staff.

Do a little ethical hacking yourself … make sure your systems’ security patches ARE up-to-date … educate your people on the importance of strong passwords and the extent of their responsibilities when it comes to protecting your business information.

Be vigilant that your people DO install anti-virus software on new devices, teach them about checking privacy settings on social media (and check your own privacy settings!!)

Have a dialogue about the importance of checking that online retail sites are secure, and tell them why downloading software and application patches when prompted matters.

The government is waking up to the threat of cyber criminals and, as it’s moving more of its services online, it’s not before time.

More of what you do and will do is moving the same way.

Wipe your feet.

David Cotgreave

David Cotgreave MBA, BSc (hons), PRINCE II, is Professional Services Director at Stoneseed, with over 20 years’ experience in IT Consulting. David has worked with organisations such as BT Engage IT and KPMG, before founding Stoneseed in 2009 and has gained considerable business experience whilst working with a wide range of organisations across the UK and Europe carrying out a range of strategy, review and implementation projects. David is currently responsible for leading the Professional Services and IT Advisory business within Stoneseed. The IT Advisory team work with clients to realise value and efficiency from their IT investments through a range of services including requirements definition and IT Strategic Planning.

  • trin long

    BYOD is a big security problem, but many companies are willing to deal with it because of the potential productivity gains. BYOD devices logging on to a network is simply going to be the reality of enterprise IT, but the most important thing is to secure the data and not just on the network but with the various ways devices now communicate. Our hospital put a BYOD policy in place to use Tigertext for HIPAA compliant text messaging, mostly to deal with the reality that the doctors were sending patient data over regular SMS which is not HIPAA compliant. The reality was that the doctors were doing this because it was more efficient for them. Now we have the doctors using HIPAA compliant tigertext and the patient processing productivity doubled in the last quarter – a significant business advantage. Yes, BYOD is a big security issue, and yes there are real productivity gains to be had, but IT is going to have to be creative to get them and maintain security. Here is an example of a BYOD policy similar to ours: http://www.hipaatext.com/wp-content/uploads/2013/03/BYOD-Policy-20130213.pdf