Very recently, the Telecommunications Regulatory Authority (TRA) warned the public against using public Wi-Fi, especially for official, work-related or sensitive data. It is obvious that there is a direct connection between unsecured network access and the increased risk for data compromise—commonly called a data breach. We’re talking specifically about BYOD and guest devices, and failure to properly secure the way in which they connect to the network. When people discuss BYOD security, often they focus only on encryption for wireless data over the air. As we will see, that’s an important element, but it’s not the whole story.

Lack of role-based network access for BYOD and guest users leaves the door open for data breaches

Secure network access means access on a need-to-know basis. Not every breach is the stuff of hoodie-wearing cybercriminals hiding in the shadows. Many data breaches come from unintended disclosure. Well-meaning stakeholders sometimes make mistakes and disclose data improperly. The more people who have access to a given set of data, the more likely someone will make that kind of mistake. As much as we don’t like to think about it, stakeholders can also disclose sensitive data intentionally.

A sound data governance strategy requires that users be able to access only those network resources appropriate to their role in the organization. Policy-based controls are a cornerstone of such a strategy, and failing to enable these controls leaves the door open to data compromise. If you don’t have the means to define and manage policies to restrict access, the chance of a breach is greater.

Even within the organization, when someone not authorized to view certain data does so, that’s a breach. To pick a very specific example, call center employees should not have access to the server containing an Excel file with employee payroll data. Role-based policy capability for network access is essential, and lack of differentiated network access risks data compromise.

Failure to perform a security posture check for BYOD and guest users can lead to trouble, too

Most of us would agree that BYOD programs increase employee productivity. And visitors to most environments expect easy connectivity for their devices, just as employees do—whether the location is an office, public venue, school, college or most anywhere. That’s a lot of unmanaged devices accessing the network—either over wireless or via a wired connection. IT teams don’t control those devices the way they can for IT-owned devices, and if not managed properly this can also leave the door open to a data breach.

Failure to perform an up-front security posture check before BYOD and guest devices connect is a risk area as well. Malware is one of the leading causes of data breaches—for example, keyloggers that capture every character typed into the keyboard of an infected device. You don’t want malware like that spreading into your environment. If you let an employee connect their BYOD laptop without checking that anti-malware has been installed, that’s a security hole that needs to be plugged. More than that, the malware signatures for that software need to be up to date. A security posture check during network onboarding can make sure that BYOD and guest devices employ basic security measures.

Most tech-savvy users of mobile devices have a PIN enabled on their phone or tablet. But imagine what would happen if an employee connects their BYOD phone to the network, and the phone thereby gains access to network resources housing confidential data. Suppose it’s a new phone and they don’t have a PIN enabled yet. Then someone steals the phone.

The network does not know the thief isn’t the employee, and the device can still access those same network resources. This is where lack of a security posture check leaves the door open to data compromise. A proper security posture check would have included remediation for that device—just require that employees have a PIN enabled before they can connect.

Unencrypted wireless data traffic is another IT security hole

This section discusses a security hole that applies only to wireless access. Unless you encrypt data traffic in transit between wireless access points and devices, prying eyes can view it using commercially available network analysis tools. (This is the same way anyone can spy on what you do over an open public Wi-Fi connection at the local coffee shop.)

Of course, many websites are themselves encrypted these days. But often not all page components are encrypted, and users have no way of knowing which components those are. Mobile applications may or may not encrypt their data traffic. App developers have an incentive not to encrypt data traffic, because encryption imposes overhead on the back-end systems that support their apps.

In an enterprise environment, you might think anyone would be crazy not to encrypt wireless traffic over the air. But Message Authentication Code (MAC), one of the default methods for connecting devices, does not encrypt wireless data traffic. It’s also not unheard of for IT to provide one or more open SSIDs in some environments—if only for guest users—especially when the organization lacks a system for secure network onboarding. Whatever the circumstances, unencrypted data traffic is a risk area.

-Ends-

© Press Release 2018
