Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • The Security Leadership Issue
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Cybersecurity News

Top 5 Pitfalls to Avoid in BYOD Security

By Pankaj Gupta
smartstuff_enews
August 27, 2013

So, you are the CSO, CIO or CISO of an organization that is embracing BYOD (Bring Your Own device) for its flexibility and efficiency benefits, but you have that nagging worry about what this means to the security and compliance needs of the enterprise. Your instincts are correct. Keep an eye out for the following five major pitfalls in BYOD policy building:

Pitfall #1: “BYOD doesn't mean bring ANY device… right?”

Many companies launch BYOD programs and allow devices that can't be easily protected. Some versions of Android and iOS devices don't have enough built-in security for compliance and data protection. Setting minimum OS version thresholds for users to bring in their own devices for work is a baseline requirement to protect corporate data and apps running on them. When a mobile device is compromised, you cannot safely allow it to connect to the corporate network and it could expose the organization to malware and virus attacks.

You should require upgrading to the latest Android version before allowing corporate network access. This can help mitigate more than three-fourths of existing Android malware threats. To simplify management, you may need to restrict the types of devices supported by the BYOD program, so that you don’t end up spinning your wheels trying to support an outdated phone.

Pitfall #2: Lax User Access Control Policies

Authentication and access control mechanisms have been around since the mainframe days and have evolved through shifts to mobile devices. Carelessness of the user who leaves the device open without a password in a public place can compromise sensitive business information. Sometimes the users are not savvy enough to grant only the minimum necessary permissions to applications added to the mobile device, exposing stored business data on the device to unauthorized access.

Stronger authentication must be encouraged by managing and enforcing password policies. Two-factor authentication should be required before access to corporate networks. User profiles with access rights and restrictions need to be defined using the principle of least privilege. Processes should be put in place for catching exceptions, alerting management upon violations and automatic remediation.

Pitfall #3: Public Wi-Fi and Lack of Data Protection

Public Wi-Fi is dangerous business because your communications are not protected. Standard configuration settings will need to be enforced for enterprise access, including the use of an encrypted network and data access only via VPN and secure HTTPS sessions.

To protect your data, you need to encrypt sensitive information with strong keys as soon as it is acquired, so there is no data traffic in the clear. Data at rest in storage, servers and devices as well as data on the wire (and over the air) should remain encrypted as it is used, stored or moved and eventually decrypted only by the intended receiver.

Pitfall #4: Using the Same Policy for Work and Home

The mobile security policies need to be sufficient to protect sensitive information, ensure productivity and meet compliance requirements. For example, the ability to define time and location windows with access restrictions, including what apps can be run and what apps cannot be run within the boundaries gives you tighter control. For example, your employee might be a wizard at Angry Birds at home, but within business hours, the device would not be able to access that app, keeping the focus on work-related productivity.

Then you can use geo-fencing to monitor and enforce location-based access and usage policies at work locations. You’ll want to make sure that the GPS and location tracking features persist within geo-fence boundaries even when a user turns GPS off.

You need the visibility to track where devices are, where they’ve been, and where they are going at any point in time and have the capability to remotely lock and wipe content, apps and passwords on lost or stolen devices.

Without continuous monitoring, following up on exceptions and alerts, and automated or manual remediation actions, policy compliance can’t be achieved. Are dashboards being monitored? Are reports being generated and reviewed by appropriate personnel? Are alerts being simply ignored? Do you have exception handling, remediation, escalation and audit processes in place? With strong policies, monitoring and enforcement, you can detect and stop misuse, respond to violations and compliance issues and quickly remediate.

Pitfall #5: Ignoring Apps Data and Usage

If you have sensitive data, you need a private enterprise app store for managing your internally developed custom apps, and customized apps that you buy from ISVs and cloud service providers. You should also take control of apps – pushing mandatory apps, blacklisting rogue or time-wasting apps, and whitelisting recommended apps that employees can easily discover and use.

Don’t ignore usage. Usage monitoring, threshold-based alerts and analytics can help uncover misuse, security exposures and prevent cost overruns due to excessive data bandwidth usage or unexpected international roaming charges. After policy threshold levels are set up, you can alert users upon exceptions and monitor patterns to forestall security breaches or attacks.

KEYWORDS: Bring Your Own Device (BYOD) smartphone security smartpone access

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Pankaj Gupta, Founder, CEO, Chief Architect at Amtel

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Person holding large ball of twine

Preventing Burnout in The Security Industry

Harrods

Harrods’ Cyberattack: Cybersecurity Leaders Weigh In

Coding

AI Emerges as the Top Concern for Security Leaders

2025 Security Benchmark banner

Events

September 29, 2025

Global Security Exchange (GSX)

 

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • power-plant-energy-freepik

    Top 5 security threats for power plants and how to proactively avoid them

    See More
  • IT-fail

    5 Common Pitfalls in IT Security & How to Overcome Them

    See More
  • leadership-enews2

    How to Avoid Intelligence Program Pitfalls

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

See More Products

Events

View AllSubmit An Event
  • March 6, 2025

    Why Mobile Device Response is Key to Managing Data Risk

    ON DEMAND: Most organizations and their associating operations have the response and investigation of computers, cloud resources, and other endpoint technologies under lock and key. 
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!