Construction is an industry that has been mobile by nature since the dawn of time. With the emergence of mobile devices and the cloud, BYOD (bring your own device) is something we talked about long before the COVID-19 pandemic. But now with the rise of remote work, it is a topic that is talked about more widely and broadly. As such, there is more research about the rise of enterprise security risks in an era of remote work and BYOD.
Such is the case with a new report from Lookout about the State of Remote Work Security. Looking across all industries, the research suggests a whopping 43% of remote employees use their own device in place of company-issued equipment. And 92% of remote workers perform work tasks on their personal mobile devices.
Naturally, there are some inherent security risks that come along with this, as many of these devices are not managed by IT (information technology), which means organizations have very little visibility or control over the risks these devices present. Everything from operating systems to apps often remains unsecured, leaving corporate data at risk.
A bigger challenge is remote workers are often more heavily targeted by nefarious characters. About 55% of workers using BYOD receive spam and phishing messages compared to 45% of workers who use company-issued equipment.
Another challenge is workers using their own devices often aren’t as diligent. Here is where the statistics get a little bit scary. Roughly 45% of workers use the same password for both work and personal accounts and 46% save work files onto their personal devices. About 32% use unapproved apps for software and 31% are less likely to follow safe security practices when working remotely.
What is needed to combat this is BYOD programs to guide these workers. The inevitability of using their own device is apparent. Now, companies need to prepare for it. Here are three steps to consider.
Start with the right policy: It begins by creating corporate policies around BYOD. Such policy could stipulate what corporate data can be accessed and managed on a personal device—and what data cannot. It could guide workers to best practices for password creation and management and ongoing updates to devices. Zero trust will also be key here and should be considered for enterprise and BYOD devices.
Such policy could have stipulations for shadow IT, which is the use of applications or devices that have not been vetted by the employer’s IT department. Shadow IT introduces security risks because the IT department cannot ensure the app used is secure and follows best practices to minimize the chances of data leakage. The Lookout study shows employees using BYOD tend to have twice as many unapproved apps as those using company-issued phones. Also, about one in three remote workers said they used apps or software that are not approved by their IT department out of convenience.
While there is no one right policy to implement, consistency will be key here when developing policy. Continuous validation of users and data is also critical. Make sure to include what will happen if an employee deviates from the guidelines.
Develop the right training: Perhaps part of all of this is good training for employees—something that is needed regardless of BYOD. Every company needs good security training across the board, as we all know people are often the weakest link when it comes to securing our data. One study suggests 95% of cybersecurity breaches are caused by human error. Good training can reduce phishing, malware, and hackers.
Consider technology: In addition to strong policy and training, companies may also consider technology to help detect and respond to incidents that may occur. Advanced context-aware data protection is key for businesses. Using the right technology can minimize risk, data leakage, and unauthorized access to sensitive data.
Now is the time to secure our businesses, as cyber criminals are becoming big businesses. They are getting smarter, and they are getting our data. How will you protect your company from phishing attacks and data exfiltration in the years ahead? Now is the time to answer this very important question.
Want to tweet about this article? Use hashtags #construction #IoT #sustainability #AI #5G #cloud #edge #futureofwork #infrastructure #BYOD #security