Bring-your-own-device (BYOD) is an unstoppable force. According to recent research sponsored by Tenable Network Security, 72 percent of organizations allow BYOD, with 40 percent making it available to all employees. Although BYOD risks can compromise enterprise security, the advantages are manifold. A successful BYOD program can improve employee and IT productivity, facilitate collaboration, reduce operating expenses and enhance customer support.

Developing a Policy to Reduce BYOD Risks

It is sensible to develop a policy that specifies what is acceptable and ensures that every user is aware of BYOD risks. An effective policy requires corporate data held on devices to be encrypted, the use of a PIN or password for unlocking devices, and remote wipe or lock capabilities. Many of these requirements can be controlled through the use of technology such as mobile device management (MDM).

But there are other aspects of a security policy that could be enacted to protect sensitive information and devices. For example, some security experts recommend activating an automatic locking function after a specified number of unsuccessful login attempts on a mobile device. Users may resist this policy, since it could potentially keep them from working and dent their productivity. They may even try to circumvent the process, especially if their devices are used for personal purposes as well as work.

Additionally, some users may have young children who get a hold of their devices. Their failed login attempts could inadvertently lock a phone or tablet. The growing use of fingerprint recognition can also be problematic, since it can often require several attempts to get a correct match.

Balancing Security With Practicality

To deal with these issues, organizations must reach a happy medium that balances practicality with security. Unless an enterprise has a help desk that is manned 24/7, user frustration will be high if workers are locked out after hours. Requiring users to contact the help desk will also add to the costs for an organization.

One alternative is to set the lockout duration to a specific time period, such as 30 minutes, before users are able to try again. The duration could increase upon repeated failed attempts, perhaps by an hour or more. This may still be frustrating for users, but it can help prevent anyone who has found or stolen a device from guessing the password. It will also provide a window of opportunity for users to report devices as missing, during which the IT department could wipe the device remotely — so long as MDM tools are used and containerization is enabled so work and personal data are kept separate on one device. Another alternative is to set up a web-based service for employees to request temporary passwords, which are then automatically generated and sent to corporate email addresses.
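To put numbers on the escalating lockout described above, the following added example (not from the original article) models the policy and counts how many PIN guesses the holder of a lost device could make before the owner's reporting window closes. The five-attempt threshold, the reset of escalation after a successful unlock, and the treatment of guesses as instantaneous are assumptions; the 30-minute base and one-hour step come from the text.

```python
from dataclasses import dataclass

@dataclass
class LockoutPolicy:
    max_attempts: int = 5       # assumed threshold; the article names no number
    base_minutes: int = 30      # first lockout: "such as 30 minutes"
    step_minutes: int = 60      # added per repeat lockout: "an hour or more"

    def duration(self, prior_lockouts: int) -> int:
        return self.base_minutes + self.step_minutes * prior_lockouts

class DeviceLock:
    """Tracks failed unlock attempts; time is in minutes since first attempt."""
    def __init__(self, policy: LockoutPolicy):
        self.policy = policy
        self.failed = 0
        self.lockouts = 0
        self.locked_until = 0

    def attempt(self, now: int, correct: bool) -> str:
        if now < self.locked_until:
            return "locked"              # even the right PIN waits out the lockout
        if correct:
            self.failed = self.lockouts = 0   # assumed: success resets escalation
            return "unlocked"
        self.failed += 1
        if self.failed < self.policy.max_attempts:
            return "failed"
        self.locked_until = now + self.policy.duration(self.lockouts)
        self.lockouts += 1
        self.failed = 0
        return "lockout"

def guesses_in_window(policy: LockoutPolicy, window_minutes: int) -> int:
    """Upper bound on PIN guesses before the window closes (guesses take no time)."""
    lock, now, guesses = DeviceLock(policy), 0, 0
    while now < window_minutes:
        result = lock.attempt(now, correct=False)
        if result != "locked":
            guesses += 1
        if result in ("locked", "lockout"):
            now = lock.locked_until      # skip ahead to when the lock expires
    return guesses

if __name__ == "__main__":
    day = 24 * 60
    print("fixed 30 min:", guesses_in_window(LockoutPolicy(step_minutes=0), day))
    print("escalating  :", guesses_in_window(LockoutPolicy(), day))
```

Under these assumptions, a 24-hour reporting window allows far fewer guesses with escalation than with a fixed 30-minute lockout, which is the margin IT has to issue a remote wipe.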

BYOD risks are real, but it is imperative to strike a balance. Account for security, but do not prevent users from accessing their devices for long periods of time. Requiring that devices are locked after a certain number of failed login attempts is widely considered good policy, but only if procedures are put in place to complement security requirements with practicality. Those procedures need not be onerous to reduce BYOD risks and ensure effective mobile security.
