A sophisticated, ingenious and highly distributed mobile threat is gathering its forces, preparing to attack your network at the end of the year. In a steadily growing flood, it is moving from store shelves to hiding places under millions of holiday trees, from where it will launch its stealth attacks.

Is your bring-your-own-device (BYOD) policy ready for the holiday onslaught of new mobile devices and technology? Ready or not, here it comes.

Millions of people, including your employees, will be playing with new and more powerful smartphones and other mobile devices — and trying them in the office. Even virtual reality (VR) tech is going mainstream, Network World recently reported.

A Cloudy BYOD Policy

BYOD is an unstoppable force in the modern workplace. Now, it is possible to build highly restrictive networks largely sealed off from BYOD. In fact, for some functions in some industries, this is necessary for regulatory compliance. But these amount to specialized exceptions. In most of the enterprise world, people expect and even need to use their personal mobile devices in the workplace.

The real BYOD policy challenge stems not just from employees’ mobile devices themselves, but also from the clouds that come with them. Mobility and cloud computing are two sides of one coin, because once people own and use two devices, the cloud becomes inevitable. Even data stored locally on one device is technically in the cloud.

This is why shadow IT is proliferating. According to CIO, organizations may have 17 to 20 times more cloud applications running than their chief information officers (CIOs) are aware of. A large portion of these cloud services are handily available via smartphone apps. Employees are liable to use these services without a second thought. Who thinks of handy mobile apps that we use every day as shadow IT?

The Reality of Virtual Reality

If the Pixel X phone and Daydream VR headset take off as Google hopes — or some other equivalent technology combination becomes a holiday hit — VR will also be knocking on the office door over the holidays.

This takes us into new terrain for BYOD policy, because we really don’t know what the implications will be. On one hand, what new capabilities will VR provide, and how will these be managed? On the other hand, what happens if, say, an inaccurate VR map leads to a workplace accident?

Now is the time for IT leaders to ask critical questions to solidify their BYOD policies. Are employees aware of the policy? If it calls for whitelisting of devices, is it actually enforced? And how does the policy address mobile applications? Knowing the answers to these questions will help IT security teams face the mobile technology onslaught.

more from Endpoint