Jul 06, 2015

Mitigate Risk by Educating Your BYOD Employees

BYOD security strategies often include firewalls, VPNs, passwords, and other technical measures. The one thing they often don’t account for is the users. Whether it’s tapping into an unsecured WiFi network or letting a friend borrow a phone, BYOD users are often their own biggest security threat.

When it Comes to BYOD, Never Assume

A 2013 survey of 1,000 US office workers conducted by Opinion Matters found that an alarming 95.6% of respondents admitted to using public WiFi to perform work tasks on their tablet or smartphone. What is perhaps even more alarming is that more than one-third also admitted to connecting to a public WiFi network at least 20 times per week. These figures point to a significant disconnect between the reality and expectations of organizations supporting BYOD. As much as we’d all like to assume that all BYOD employees are well versed in basic security practices, the survey results show that this simply isn’t the case.

Education: Start with the Basics

While having employees sign a BYOD policy is a good first step, it is no replacement for training. Before entrusting employees with mobile enterprise apps and sensitive data, it is critical that they are formally made aware of basic mobile app security. In training, focus on best practices rather than delving into highly technical material. Illustrate the importance of constructing strong passwords as well as the dangers of connecting to unsecured WiFi networks. Cover best practices when it comes to suspicious emails and attachments, and give employees guidance on what to do if they think their device has been compromised. Keep in mind that many mobile users simply aren’t aware of mobile security dangers, and a short training program or course will go a long way in curtailing risky behavior.

Tackling Non-Compliance

In addition to education, enforcement is also an important piece of the BYOD puzzle. Implementing consequences for non-compliance may sound tough, but it also sends a clear message to BYOD users that data security is a serious matter. While there is no one-size-fits-all enforcement strategy, many organizations are incorporating BYOD compliance into performance reviews and have policies in place to revoke BYOD privileges in the case of non-compliance.

Continuous Education is Key

Technology, as we all know, pushes forward at an unrelenting pace. As advances in mobile technology and apps bring new opportunities, they will inevitably be accompanied by a few additional risks. With that in mind, continuous education to keep BYOD users up to date with the latest mobile security threats should be a part of your overall IT security strategy.

Apperian
