Tackling the security challenges of BYOD for the SMB
By Dawie Bloomberg, Managing Director, Green Apple IT
The Bring Your Own Device (BYOD) trend has gained traction both within the corporate and Small to Medium Business (SMB) space. It offers a number of benefits for the smaller organisation. However, the BYOD trend also presents a number of challenges, chiefly related to security. These security issues are similar to those faced by the enterprise, but unlike the enterprise the SMB does not have a full blown IT department to rely on to address them. SMBs are often more concerned with focusing on their core business than dealing with IT security, but the reality is that in today’s world security challenges need to be addressed if SMBs are to take advantage of the value of BYOD without falling foul of the problems it can bring.
For the SMB, the concept of BYOD can be enormously beneficial. It can help to increase productivity, as every individual has their own preference on how they work best, and BYOD lets them use the device of their choice, with which they are already familiar. There is also a cost saving benefit, since the SMB no longer needs to buy specific devices but can simply plug and play employees existing devices. However, while the plug and play nature of BYOD is one of its benefits, it is also one of its biggest weaknesses, since this concept is prone to opening an organisation up to a host of security concerns.
The challenge is to find the right balance of access for authorised users, while ensuring that unauthorised persons cannot gain access to the company network, something that can be additionally complex given the often-unstructured nature of the SMB IT environment. SMBs need to prevent unauthorised access to data, and ensure that permissions are setup properly to achieve this while allowing employees to access the information they need.
However, BYOD and the security challenges surrounding it are not the only security issues faced by SMBs. Wireless networks are commonly used in SMB offices as they are quick and easy to setup and share between multiple devices. These are convenient but can add another layer to security issues and vulnerabilities. When setting these networks up, users often forget to change the passwords on wireless routers and modems, and even if the passwords are changed they need to be strong to prevent unauthorised usage. Leaving standard passwords or having weak passwords on the devices means that outside users can gain access to the network and an organisation’s bandwidth, using this for their own purpose and potentially limiting the productivity of an organisation.
Internet security is also important, and it is necessary to have adequate firewall technology in place to prevent attacks from outside the organisation, such as cybercriminals and hackers, who steal corporate information. Firewalls need to be set up correctly so that there are no loopholes for attackers to exploit, as this adds another layer of security to protect the SMB.
Circling back to the issue of BYOD, there are several other security concerns given the mobile nature of these devices. Because they are portable, they are more likely to get lost or stolen, which means that sensitive information could be compromised. Using built-in features such as screen locks and passwords is a simple but necessary step to preventing the casual attacker. SMBs should also invest in security technology that enables the encryption of sensitive information, as well as the ability to remotely wipe the device should it go missing.
It is also necessary to allow users on mobile devices such as laptops and tablets to access the company network when they are not in the office. Securing remote access can be done either by ensuring a very strong password is in place, or by hard coding access for specific devices using each device’s unique MAC address. This will block any devices that are not permitted from accessing the network. Remote desktop technology is another option, allowing the user to access the server as if they were in the office, ensuring that the same security policies apply to remote working as they do in the office. It is also possible to set up a Sharepoint site that allows users to access common data via the Internet, with passwords to authenticate users and access.
BYOD offers many benefits to the SMB, and is a convenient way of allowing users to work on technology they feel comfortable with. However, it does present security challenges on top of those already faced. When it comes to securing the SMB organisation, this often is not a core focus or priority. It is therefore vital to partner with a reliable and reputable IT service provider that will ensure security solutions meet requirements, are fit for purpose, and will allow SMBs to benefit from their technology without falling prey to attacks and security threats.