14 DAY TRIAL // The Information Security Forum (ISF) has published a new report to help organizations address the problems they may face when implementing a bring-your-own-device (BYOD) program.
The study, “Managing BYOD Risk: Staying Ahead of Your Mobile Workforce,” highlights a few key aspects and makes recommendations on how such programs should be implemented to make sure corporate data is not exposed.
More and more organizations are allowing their employees to use their personal mobile devices for work-related tasks. However, in many cases, risk management is either rushed or completely neglected when BYOD programs are quickly put in place.
The ISF warns that risk management must be the foundation of any BYOD program, since well-organized attacks – ones launched by hacktivists, cybercriminals and even nation states – can exploit mobile devices by using them as a “stepping-stone of attack” against the targeted organization.
“The use of personal devices to store and process sensitive information continues to rapidly affect the way we do business. At the same time, it means organizations are easily exposed to new and more complex threats from stolen, lost or destroyed data, malware and other attacks if the device is not securely used and protected,” said Michael de Crespigny, CEO, ISF.
“An employee’s tablet or smartphone may be used in ways which would not be acceptable if it was owned by the organization,” De Crespigny added.
“By putting the right business practices and usage policies in place now, organizations will benefit greatly from the flexibility, increased productivity and reduced costs that mobile devices can bring to today’s workplace, while minimizing exposure to potential security risks.”
The report focuses on how a risk-based approach can be applied to a BYOD program, identifying key risks, and implementation guidance. It also explains how the BYOD Implementation Tool can be used to support each BYOD deployment.
The ISF report is free for members. Non-members can purchase it by contacting steve.durbin (at) securityforum (dot) org.