4 BYOD Risks HR Managers Should Know About

In today’s employment atmosphere, a growing number of companies are shifting toward a more flexible workplace. Under bring your own device (BYOD) policies, employees are increasingly using their own devices for business purposes.

Even though such policies can bring numerous benefits to companies, they come with some inherent risks. The following four issues are worth examining before deciding on a BYOD policy.

Irregular Updates

Every mobile device is vulnerable to hacks from outside sources. Your smartphone, tablet and laptop all have similar software that can be hacked if firewalls and other security features aren’t in place or aren’t updated regularly.

Busy employees often put off their security updates. Unfortunately, their phones are then automatically open to potential attacks. In a regular IT environment, it’s up to the business’s IT department to secure every device used for company purposes. Since the devices are the employees’ private property, they are responsible for keeping them updated with the latest versions of security software.

Viruses and Malware

Viruses and malware have numerous pathways that they can take to infect an employee’s device. The worst thing is that an employee’s device could be hacked without them even being aware of the situation.

For example, your employees can receive a phishing email with a malicious link that could install viruses or malware when clicked on. The infection could then spread onto the company’s server and compromise corporate information in a matter of seconds.

The phishing email could also look as if it’s from a familiar contact or even a legitimate website. It could ask your employees to click on a link in order to log in to their account. The employees would then enter their user names and passwords on fake websites, giving hackers access to their sensitive information. Identity theft is always a possibility in these hacking situations.

Unsecured Connections

Your employees might use their devices to connect to public Wi-Fi to access necessary data on your company’s server or to go online for personal needs. Unfortunately, using public networks is dangerous since they allow multiple people to connect to the same network, and that includes hackers.

Hackers could intercept the data your employees download or upload, install malware on your staff’s devices and even gain access to their email. This is another way malware could spread from the infected devices onto the company’s server and compromise the safety of corporate data.

Your employees need to be aware of these threats and take the appropriate preventive measures. Instruct your employees to turn off Wi-Fi when they don’t need it and disable it from automatically connecting to open networks.

You can also set up a virtual private network (VPN), which will allow your employees to connect to a hotspot without worrying about data breaches. Connecting to a VPN encrypts and secures any data being sent or received. This prevents hackers from intercepting sensitive information and compromising the security of your employees’ devices.

Missing Devices

The best opportunity for stealing corporate data is when a device gets into the wrong hands. Lost or stolen devices are always a big security issue, which can lead to leaked proprietary data and vulnerable business positions.

IT professionals need a plan in case this happens. A remote wipe policy is a very good solution, which allows the IT team to completely remove all data on a device after it’s been reported missing.

Since BYOD devices include an employee’s personal data, you need to make sure that the employee agrees to a remote wipe of every piece of data even before they are hired.

Employees should see this step as protection both for the company and against identity theft. To avoid any further information hacks, employees can also make it more difficult to access the data in the first place. A fingerprint or PIN passcode frustrates thieves, and they might toss the device before trying to access the information.

Final Thoughts

These security issues aren’t a reason to forgo a BYOD policy. However, appropriate security measures are necessary in order for it to be successful. Begin your BYOD strategy by educating your employees about the importance of regular updates and how to recognize security threats.

They need to understand that every piece of data is priceless to the business and their personal life. In reality, many people don’t realize how valuable their data is to hackers outside of the corporate atmosphere.

Employees also need to agree to corporate statements, liabilities and compliance measures in order to make this BYOD program a success. At the very least, add professional indemnity insurance coverage to the company so that any data leaks are quickly resolved.

Finally, by protecting the data with software and passwords, businesses can keep their proprietary information private. In the end, the employee’s device can be as safe as any company-issued device.

About the Author:

Josh McAllister

Josh McAllister is a freelance technology journalist with years of experience in the IT sector, and an independent business consultant. He is passionate about helping small business owners understand how technology can save them time and money.

Josh is a contributor to a number of digital outlets and is well published, including DZone, IoT World News, and Rabid Office Monkey.


If you want to share this article the reference to Josh McAllister and The HR Tech Weekly® is obligatory.


How to Protect HR from Ransomware

Companies have HR departments that are responsible for storing confidential information such as an individual’s social security number, payroll information, health information as well as employment history.

Because of the enormous amount of sensitive data collected on individuals, HR departments opt to store data in a digital format, making it susceptible to cyber-threats. Furthermore, since HR departments receive more email than any other department in a company, they are even more vulnerable to such threats. One of the most challenging forms of cyber-attack that HR departments face today is ransomware.

Ransomware is a type of malware that encrypts data and restricts access to a computer system. Often the malware is sent through an email disguised as a resume or cover letter. When the email is opened, the malware infects the computer and the entire network. The next time a user tries to gain access to the computer system, he or she is required to pay a monetary ransom in the form of Bitcoin to remove the restriction. WannaCry is one commonly known name for the recent ransomware attack that affected many companies.

Ransomware not only steals an individual’s personal information, but it damages a company’s reputation and financial status as well. The good news is that there are steps that HR departments can take to prevent ransomware attacks.

Basic Security Measures

It is imperative that HR departments work closely with the IT department to implement strong web filters and spam controls as a basic security measure. Next, the IT department should have endpoint analytical tools to immediately detect, quarantine and shut down ransomware invasions.

Finally, always have a working data backup plan that is not connected to the company’s network so data cannot be infected.

Latest Operating System and Software

The IT department should make sure that the company’s operating system and software are up to date. It is extremely important that security updates are installed on all machines as they are released to protect all computers on the network.

If the company uses Microsoft Office software, it is recommended that macros are turned off. In addition, remove plugins if using Adobe Flash, Adobe Reader, Java or Silverlight since these plugins can run a risk of having embedded malware attached to them upon installation.

Employee Training

It is essential for companies to train employees on their information security policies. Employees must understand that technology alone is not enough to protect sensitive data and that there are cybersecurity threats that can bombard them.

Employees need regular training sessions to learn how to use technology, as well as an understanding that technology is not always foolproof. There should be employee training in the do’s and don’ts of data protection. Since HR employees receive numerous emails daily, they need to know what types of files are safe to open.

Finally, employees need to know how to respond, and to whom they should report a cyber threat if the unthinkable happens.

Network Segmentation and Separate Work Stations

The IT department needs to ensure that the company’s most sensitive data is not all stored on one network. This is done through network and database segmentation. A restriction should be in place where only certain authorized individuals can access sensitive information. For example, make one person the administrator for the system.

The administrator should only log into the system when absolutely necessary and use a regular account for everyday use. Furthermore, the IT department should assign dedicated workstations to employees responsible for reviewing resumes and monitor workstation usage.

Outside Testing

To ensure the validity of the company’s security, it is a good idea to hire an outside firm to test the vulnerability of its IT security. By hiring an outside firm, the company can understand where hackers can possibly penetrate the system, and take necessary steps to make data more secure.

To conclude, HR departments have access to massive amounts of sensitive data and the employees are typically not very well educated in knowing how to protect themselves from data breaches. Therefore, they are an easy and lucrative target for hackers.

It is easy to see why HR departments are prone to such cyber-attacks. However, when the HR staff works more closely with the IT department, preventive steps can be taken to reduce ransomware attacks. Precautionary steps such as implementing basic security measures, installing the latest operating system and software, setting up network segmentations and dedicated workstations, training employees and having outside testing to check for security breaches can save a company’s reputation and financial status.

About the Author:

Josh McAllister

Josh McAllister is a freelance technology journalist with years of experience in the IT sector, and an independent business consultant. He is passionate about helping small business owners understand how technology can save them time and money.

Josh is a contributor to a number of digital outlets and is well published, including DZone, IoT World News, and Rabid Office Monkey.


If you want to share this article the reference to Josh McAllister and The HR Tech Weekly® is obligatory.