Management Clueless on ‘Bring Your Own’ Vulnerabilities

The rise of employees being allowed to ‘Bring Your Own’ (BYO) device into the workplace is a major set-back for information security. However, this development is being led by senior managers who are largely ignorant to the risks.

Who is to blame, and how bad is this situation?

A couple of years ago, the idea that employees might be encouraged to bring their own computing devices into the organisation, and use them for work, would have been considered a crazy idea – and a big backward step for information security.

However, a recent study by ISACA members shows that 23% of UK businesses are already allowing this. The industry even has a catchy name for it ‘Bring Your Own’ (BYO).

Why is BYO being pushed so strongly. Clearly, the rise of the iPad has played a big role. You only have to walk down a first class rail carriage to see more of these in use by high salary individuals than traditional laptops. Clearly, device manufactures are all for it – giving them a convenient entry into the business market with what was only ever designed as a consumer product. Their concern is sales, not ensuring that security is maintained.

Ian Mann, founder of ECSC, says “Information security professionals all recognise the risks. Devices outside of organisational control are a source of vulnerabilities. They create a route for hackers to obtain confidential information, and this area is likely to be the next big cause of security breaches”.

So, is the answer to ban all employee owned devices? Perhaps not, according to Lucy Sharp of ECSC, “Rather, you need to assess the risks. What access are you giving them, what data may be accessed from (or stored on) these devices.”

As with all technology developments, you need to understand the risks, and develop appropriate controls to allow you to exploit new opportunities without compromising your information security.

Ian Mann, commenting on senior managers says, “The big problem here is one of communication. Security and IT teams find it difficult to challenge the CEO who wants to use their iPad. However, in our experience, if you effectively communicate the risks to management, they make more sensible decisions.”

Paul Lambsdown, Sales Director with ECSC adds, “As with all technology developments, there are potential business benefits – and these cannot be ignored. It is the role of information security to facilitate new developments, whilst protecting critical information.”

ECSC has produced a Management Briefing ‘Bring Your Own… Vulnerabilities’, to help you understand the risks of BYO, and explain them to senior managers. This can be downloaded from the ECSC web-site homepage at
www.ecsc.co.uk

Like this article?

Share on twitter
Share on Twitter
Share on linkedin
Share on Linkdin
Share on facebook
Share on Facebook
Share on email
Share via email

Other posts that might be of interest

Internet Psychology

Can you do boring tasks?

Last week, not far from the M25 in Buckinghamshire, the biggest-ever boring machine in the UK started its slow churn through the Chiltern hills to dig a tunnel for the HS2 rail system. It will

Read More »
Fence painting
Online Business

When did you last paint your garden fence?

If you are a “big change” business, then you are like my garden fence. Leaving it unpainted for so long has created much more work, at a higher cost, than if it had been tended to every year. Ignoring reviews of your online activity for long periods also means you make more work for yourself and raise your costs.

Read More »