The Return of the BYOD Threat
Fifteen or so years ago, one of the biggest cybersecurity threats was the employee who used a personal device in the workplace. Workers were already using their home computers to log in to their business accounts, but the Bring Your Own Device (BYOD) movement and the security concerns around it hit their stride with the introduction of smartphones and tablets. The threat came with the unknown: IT and security teams didn’t know what devices were connecting to the network or what, if any, security measures were used on these personal devices.
When Covid sent millions of people from the office to the living room, BYOD shifted in scope. Even though there were more personal devices than ever being used for work, IT and security teams had more control. Many organizations required workers to use VPN connections whenever connecting to the corporate network. Managed security service providers (MSSPs) were contracted to help monitor security across disparate workstations. If there was one good thing that came from the pandemic, it was that organizations finally figured out how to safely implement BYOD and decrease the risks of using personal devices.
What’s Old Is New Again
Now, as workers are told to return to the office full-time, there are new reports about threats targeting BYOD machines. According to research from Cyberint, 70 percent of infected devices on corporate networks are non-corporate machines. The primary danger posed by unmanaged devices, as identified in the research, is the theft of login credentials, which allows hackers to secretly infiltrate a system.
Just as BYOD risks have returned, so has the reason the devices were a risk in the first place: personal devices are, once again, either running only very basic security protection or not protected at all.
Social media is a common source of BYOD-related threats, which isn’t surprising given the volume of links, articles and emails sent through these platforms. However, unsecured software and gaming also pose a significant risk on someone’s device. Users who install software from less than legitimate sources or play games that tend to allow downloads from miscellaneous creators potentially leave the gates of security wide open. Downloading torrents and software also exposes a device to malicious installs. If the user then connects that device to the network, they have just created a huge risk for the company.
So once again, cybersecurity researchers are seeing how BYOD has become the Holy Grail for threat actors, who are not only stealing credentials to get into networks but also selling them on the dark web for financial gain.
You Have the Power to Protect Your Systems
Workers may have become more lax about the security of their personal devices because they have been under corporate security controls for the past four years. It is also possible that security teams have bigger problems to worry about. However, as shadow AI is on the rise and regulatory compliance requirements are constantly shifting, the chances are unfortunately good that most employees are violating whatever BYOD policies were once in place. It’s time to dust off those policies and take a closer look at who and what is connecting to your network. If you need help analyzing your security systems or upgrading your protections, we can help.