The BYOD (Bring-Your-Own-Device) age has been around now for some time, and the megatrends of remote work brought on by the pandemic have influenced the phishing landscape with significant business impact. While it benefits companies to allow BYOD to reduce costs and keep employees happy using their own familiar devices, it also makes securing corporate networks a challenge. Now the corporate workforce is uber-mobile, requiring 24×7 access from outside corporate firewalls, requiring security teams to review their security infrastructure to minimize the attack surface. The BYOD age, however, is here to stay. In fact, stats from a techjury article highlights the increase in BYOD in 2020:
- 67% of employees use personal devices at work
- BYOD generates $350 of value each year per employee
- A BYOD-carrying employee works an extra two hours
- 87% of businesses are dependent on their employee’s ability to access mobile business apps from their smartphone
- 69% of IT decision-makers in the U.S. say BYOD is a good thing
- BYOD market size is expected to reach $366.95 billion by 2022
- 59% of organizations adopt BYOD
The growing BYOD trends make endpoint security challenging. Legal, privacy, employment, and other pertinent issues must be addressed when determining a mobile device policy. Before diving into how best to approach network security and control, defining each of the ownership models’ options is essential. Here’s a breakdown of the various forms of mobile computing that the BYOD age entails, and their associated security risks:
BYOD – Bring Your Own Device. The best known and perhaps most feared by IT, this ownership model gives employees complete responsibility for selecting, supporting, maintaining, and often securing their own personal device, which will also be used for business purposes. It’s often used by smaller businesses that have limited resources and very little or no corporate controls.
COBO – Company-Owned, Business Only. Perhaps IT security’s most desired mobile computing framework on paper is mostly not suited for today’s business environment. COBO relies on a corporate-owned device – be it a laptop, tablet, or phone – provided by the organization and used solely for business use only. It can be configured with security protocols established by IT, but with all the applications and cloud access points used today, threats from phishing and other bad actors are still prevalent and hard to stop.
COPE – Corporate Owned, Personally Enabled. The idea here is that workers can utilize a corporate device for both business and personal use, much like with BYOD. The difference is that IT security executives can still employ security protocols and best practices in protecting the device and the corporate network from threats. Of course, like with COBO and BYOD, there are just too many access points for bad actors to infiltrate the device.
CYOD – Choose Your Own Device. In this scenario, the option for which the device gets used is up to the individual. They can purchase mobile hardware from a pre-authorized company list of approved items. The flexibility gains here might be advantageous to the employee using the device, but the security challenges can be daunting.
POCE – Personally Owned, Company Enabled. Perhaps most similar to BYOD, the POCE framework better takes endpoint security into play by taking over part of the device used for business purposes. Access to the corporate network is via a portal that is sectioned-off from the private part of the device.
With all of these mobility frameworks, some benefits and challenges need to be considered. With employee flexibility and productivity come network access and security challenges. Phishing attacks can lead to credential stealing, data loss, and IP theft, leading to millions in fines and other legal ramifications.
As your organization’s mobility framework embraces the expanding remote workforce, security professionals should review their current endpoint security strategy to ensure they’re protected against sophisticated, fast-moving phishing threats. SlashNext Mobile and Browser Phishing Protection are fast, real-time phishing protection in a lightweight, cloud-powered apps and browser extensions that protect users without compromise, no degradation in user experience, and does not transmit personal data. To find out how you can protect your remote workforce from the growing number of sophisticated phishing and social engineering threats, watch a demo today.