Why Risk Management Is Essential for BYOD Threat Reduction

As you evaluate your company’s bring-your-own-device (BYOD) program, you will notice that risk management and BYOD security are intimately connected. In today’s environment of global communication and commerce, risk management is essential for reducing technology-related threats. The process of assessing threats to your company can be completed in two steps. First, you must identify known threats and vulnerabilities that exist industry-wide. Next, you must identify threats and issues that are unique to your business operations. Once you know what you are facing, the following nine steps can help you develop an effective security solution to combat each threat.

Nine Steps to Effective BYOD Risk Management

BYOD Threat Reduction

This nine-step process for developing an effective BYOD risk management and IT security program will help you analyze risk on both an industry-wide and intra-company level. From here, you will have all the data you need to develop an effective and enforceable BYOD security solution.

Create an IT Risk Management Procedure: Rather than start from scratch, take your existing risk management procedure and incorporate additional protocols to conduct an annual overview of IT-related risk management issues. Include processes for as-needed risk evaluation when new technology is implemented or business and IT processes are altered.

Identify Threats and Educate Employees: Threats can come from technology, people and processes. People-centric threat assessment should factor in risk from hackers, employees, vendors, competitors and customers. Technology-centric threat assessment must consider BYOD and BYOC programs, misuse or loss of corporate technology, malicious hacking/phishing and malware/viruses. FEMA (Federal Emergency Management Agency) suggests that you should also factor in environmental issues such as disruption of IT service due to weather or acts of God.

Secure the Threat Landscape: Next, you begin to build a foundation for threat resistance with installation and implementation of anti-malware software and tools.

Identify and Address Vulnerabilities: Beyond common threats like malware, you now begin to evaluate vulnerabilities specific to your company and business operations. Addressing these threats should include regular scans of your entire IT infrastructure, including servers, devices, software, applications and support devices (printers, scanners).

Begin Security Monitoring: Your security monitoring procedures should include both internal monitoring and any mandated monitoring (from regulatory or government agencies). It is helpful to think of security monitoring as the security overseer that assesses the effectiveness of every part of your IT security system, from malware detection software to MDM (mobile device management) monitoring.

Institute Reporting and Response Processes: Even the tightest IT security systems will occasionally fall prey to common issues such as device loss or theft. When these incidents occur, employees must know how to respond immediately. Your reporting and response process should include dedicated staff who are on call to handle sensitive security breaches without delay.

Dialogue and Adjust: As you roll out your IT risk management and security systems, continual dialogue and feedback will help you make important adjustments. Be sure employees have the opportunity to offer ideas and suggestions. Also, consider scheduling IT-related risk assessments frequently in the early stages of program rollout.

Revise and Refresh: As you dialogue and adjust your processes, it may become apparent that you also need to revise and/or refresh your technology, including threat detection and antivirus software. All employees who participate in company-wide BYOD programs should install and update security software for each device used for company business.

Consider Advanced Security Systems: Depending on the industry your company operates in, your risk of being targeted for security breaches may be higher or lower. If you determine that your operations are at high risk for APTs (advanced persistent threats), also consider installing advanced security systems to combat these more unique risks.

When you evaluate internal and external threats, risks and vulnerabilities and follow this nine-step approach to secure your data, you will be well-prepared to effectively respond to risks that arise.

 

About the Author:  Laura Malkri is a former IT manager. Currently, she works as a consumerization consultant specializing in BYOD risk management processes using Trend Micro products.

Please donate!


Comments

  1. The Reader says

    I’m not sure why my comment didn’t post the first time, but here I go again: employee education is something you simply cannot afford to overlook here.

  2. Calvin says

    A lot of helpful information. I recently was given the OK to use my iphone for work things. And I can see how that would be a recipe for disaster in some situations.

  3. Heather says

    You have to stay on top of these kind of things. It’s of utmost importance, really. Think of all the information your network has!

  4. Ross says

    As an IT professional, I’ve dealt with several cases of people having their BYOD networks tampered with. It’s a legitimate thing to watch out for.

  5. Mallory says

    This- I should clarify. I’m researching evolving internet threats for an IT security class. Give some more background. :)

  6. Mallory says

    I’m researching this for my class project and it’s been truly helpful. I think I’ll cite this in my report, actually.

  7. Brett says

    I just learned what risk management is and it makes so much sense why it’d be so useful for these things. I’ll bookmark this article for future reference.

  8. Howie says

    This was a helpful article, considering all the ways BYOD could potentially lead to a security breach. I’m not saying it would, but I’m saying it could happen.

Leave a Reply

Your email address will not be published. Required fields are marked *