Better BYOD: It’s All about Behavior

When corporate and personal systems get intermingled, it often results in unexpected trouble.

Case in point: Hackers targeted an employee of one of South Korea’s biggest Ethereum and Bitcoin cryptocurrency exchanges, who was using his personal computer to access the corporate network.   After breaking into his machine, the cyber criminals stole personal information relating to more than 31,000 customers.

Incidents like these underscore the security concerns IT raises when organizations allow their employees to bring their own devices to work (BYOD).  But despite any headaches it occasionally causes, BYOD nonetheless offers companies plenty of benefits.

For instance, when employees buy their own devices, companies can support 2,745 tablets with the same budget it would take to buy and support only 1,000 corporate-owned tablets. Similarly, BYOD can save a company between $300 and $1,300 per employee. At this point, according to Gartner, only 23 percent of employees are given corporate-issued smartphones these days. The rest are, presumably, using BYOD devices. Add it all up and it’s clear that BYOD isn’t going anywhere.

Since there is no escape from BYOD, the charge to enterprises is to make it as secure as possible. So, what’s the key to better BYOD? In a word, behavior. I recently caught up with Brian Duckering, senior manager for product marketing at Symantec for a chat about how to do BYOD better. Here are some tips from our conversation.

First on the agenda is education. No matter how frustrated you have become with user behavior, you can’t give up. You have to keep impressing upon users what they must watch out for, knowing full well that inevitably, someone will open a bad attachment, reply to a bogus email address, or allow their mobile device to be stolen.

“Keep your device up to date. Practically every OS update includes a security patch. Install every update as soon as possible, says Duckering. When updates are sent out, hackers know what to target and where to find it – on unpatched systems.

“Be careful what you click on. Popups and the sites they take you to are getting more authentic-looking all the time,” he says. If there is a new version of software from Adobe, say, don’t click on a popup, but go to the Adobe site yourself to get it. In short: Don’t click on anything you can’t absolutely trust.

Second consideration to pay attention to: Technology. Security technology is essential to protect end-user devices, but, again, behavior is key.

“If I have to take extra steps or it impacts the performance or battery life, I’m probably not going to comply,” says Duckering. There is no sense in installing security software on a smartphone if it causes the battery to run out of juice. And if a user has to log into a VPN, proxy or gateway to do basic things, the user probably won’t do it. Result: Either users will not use their devices and become less productive, or they will find a way around the obstacle.

Technology that focuses on behavior, not only of users, but of the BYOD devices themselves, can yield big benefits. Symantec Endpoint Protection (SEP) Mobile (formerly Skycure), implements behavioral analytics to track suspicious patterns. Let’s say you install an app that is 99.8% identical to a well-known app. Why isn’t it 100% identical?

“The difference might be a tipoff that it’s been tampered with and you can’t trust it,” says Duckering.

Or let’s say that hackers are trying to root a device and they are causing an internal process to crash and restart. “It might not be noticeable to the end user, but repeated crashes and restarts of internal processes can be noticed by machine learning software and flagged as suspicious,” he notes.

SEP Mobile also implements crowdsourced intelligence, which enables it to tell you immediately if a patch is available for your device. As Duckering notes, “we can tell you if there is a patch available from Apple before Apple will tell you.”

Doing BYOD right will keep your company’s workforce happy and its data secure.

For better BYOD, education is a first step. But users do the darnedest things. And thanks to human nature, they’ll keep doing them. Scanning your mobile and BYOD infrastructure for anomalies is essential. To do that, you need the best tools on your side – like the behavioral analytics of SEP Mobile.

If you found this information useful, you may also enjoy:

Cloud Generation Endpoint Security – Protect Your Users Everywhere and On All Devices

IT Modernization and the New Perimeter

Symantec: BYOD Resource Center