  • Manoj Ghimire

How to minimize BYOD risks: Best practices to secure your workplace in 2022

A bring your own device (BYOD) policy is not just a buzzword anymore. With more and more people working remotely, and with the growth of personal devices being used for business purposes, the BYOD practice has become very common. It certainly has its perks, such as work flexibility and gains in efficiency and productivity. On the other hand, it has created a significant security risk for businesses.

Employees using their own devices to access workplace resources, including cloud services, network file shares, documents, printers, and web proxies, pose a threat to company data, intellectual property, and customer information.

Designing more stringent BYOD policy guidelines and enforcing them will help secure your workplace and boost productivity within your firm. The following are some general guidelines that companies can adopt to keep their organization secure.

1. Restrict Jailbroken and Rooted Devices

Jailbroken and rooted devices should be treated as compromised. Jailbreaking or rooting disables the platform's integrity protections (app sandboxing, code signing, verified boot), so these devices are exposed to security flaws, malware, and exploits that do not affect unmodified devices, and malicious software running with elevated privileges can read or intercept data belonging to company apps. Such devices also make it easier to infiltrate organizational networks and application resources, and to abuse a company's network from within (DoS, other botnet activity, and exploitation).

2. Device and Office Apps must be protected by screen lock passwords

The screen lock (a password, PIN, or pattern) is a basic security measure that many device owners still overlook. Screen locks are easy to set up and offer rudimentary protection against data loss or theft. Your BYOD policy should require this control before a device is granted access to the company network and applications. Enforcing it is a standard feature of any MDM or MAM solution on the market.

In addition to the device lock, we recommend requiring further authentication to access business-sensitive apps such as mail and cloud storage. Note: almost all modern devices offer biometric authentication, and we strongly recommend it be preferred over a password, PIN, or pattern lock.

3. Use MDM, MAM for efficient management of endpoints

Mobile management technologies such as MDM and MAM reduce unnecessary operational overhead by simplifying endpoint management while providing better control over organizational policy enforcement, access control, workspace management, and data loss prevention. This way you can keep company data safe and secure without limiting agility and productivity, and employees can keep enjoying their personal devices.

4. Enable Encryption of Company data

Loss and theft are quite common when it comes to mobile devices; in fact, they are inevitable. Sometimes devices need repair, and other times individuals pass their devices on to family and friends. It is always recommended to encrypt company data on mobile devices, whether business-owned or personal.

Enable remote lock and wipe so that company data can be protected when a device is lost, stolen, or handed over.

5. Restrict TOR connection

Threat actors commonly host their command-and-control and exfiltration servers behind the Tor network, and Tor also gives a device an anonymized path around your web proxy and content filters. Your policy must therefore block (or blocklist) both inbound traffic from Tor exit nodes and outbound connections to Tor relays.
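As an added example (not code from the original article or from Stupa), the following Python detection logic checks constructed proxy log lines against a constructed Tor relay list and flags `.onion` names that leak into ordinary DNS or proxy logs. The log format, the relay addresses (RFC 5737 documentation ranges) and the log lines are all assumptions for illustration; a real deployment would feed it the Tor Project's published relay list or a threat-intelligence feed.

```python
"""Flag outbound connections to Tor relays in proxy or firewall logs (added example)."""
import ipaddress
import re

# Constructed relay addresses from RFC 5737 documentation ranges, not real Tor relays.
TOR_RELAY_IPS = {"192.0.2.10", "198.51.100.7", "203.0.113.42"}

# Constructed log format: "<timestamp> <user> <src_ip> -> <dst_host>:<dst_port> <action>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<src>\S+) -> "
    r"(?P<dst>[^:\s]+):(?P<port>\d+) (?P<action>\S+)$"
)

# Constructed sample log lines (no real users or destinations).
SAMPLE_LOGS = [
    "2022-05-01T09:00:01Z alice 10.0.5.21 -> 203.0.113.42:9001 ALLOW",
    "2022-05-01T09:00:02Z bob 10.0.5.33 -> mail.example.com:443 ALLOW",
    "2022-05-01T09:00:03Z carol 10.0.5.40 -> 198.51.100.7:443 ALLOW",
    "2022-05-01T09:00:04Z dave 10.0.5.51 -> abcdefghijklmnop.onion:80 ALLOW",
    "2022-05-01T09:00:05Z erin 10.0.5.60 -> 192.0.2.99:443 ALLOW",
    "malformed line that the parser should skip",
]


def is_tor_destination(dst: str) -> bool:
    """True for a known relay IP or a .onion name (which should never reach normal DNS)."""
    if dst.lower().endswith(".onion"):
        return True
    try:
        ipaddress.ip_address(dst)
    except ValueError:
        return False  # hostnames are resolved elsewhere; only literal IPs are matched here
    return dst in TOR_RELAY_IPS


def find_tor_connections(lines):
    """Return (user, src_ip, dst, port) for every parsed line whose destination is Tor."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m is None:
            continue  # unparseable line: skip rather than crash the whole run
        if is_tor_destination(m["dst"]):
            hits.append((m["user"], m["src"], m["dst"], int(m["port"])))
    return hits


def deny_rules(hits):
    """One hypothetical 'deny out' rule per distinct relay IP seen in the hits."""
    ips = {h[2] for h in hits if not h[2].lower().endswith(".onion")}
    return [f"deny out to {ip} any" for ip in sorted(ips, key=ipaddress.ip_address)]


if __name__ == "__main__":
    found = find_tor_connections(SAMPLE_LOGS)
    for user, src, dst, port in found:
        print(f"{user} {src} -> {dst}:{port}  TOR")
    print("\n".join(deny_rules(found)))
```

Matching on IP alone misses relays added since the list was last refreshed and misses Tor bridges and pluggable transports, so treat the hit list as a policy-violation signal for the MDM or proxy to act on, and refresh the relay list from a current feed on a schedule.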

6. Permit only compliant devices access to company information

To connect to the corporate workspace, a device must be patched to the OS version required by corporate policy. Users must keep their devices updated to stay ahead of malware: between major OS releases, vendors ship minor updates that fix security vulnerabilities, and a device that skips them is running code with known exploits. Most mobile device management (MDM) suites can enforce update policies and push updates so that users' devices stay at the required patch level.
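As an added example (not code from the original article or from Stupa), this Python script shows the compliance gate that sections 1, 2, 4 and 6 describe, evaluated over a constructed device inventory of the kind an MDM reports: no jailbreak or root, screen lock on, storage encrypted, OS at or above the minimum version. The minimum versions, field names and device records are assumptions for illustration.

```python
"""BYOD device-compliance gate over MDM-style inventory records (added example)."""
from dataclasses import dataclass

# Hypothetical minimum OS versions per platform; an MDM would carry these in policy.
MIN_OS_VERSION = {"ios": (16, 6), "android": (13, 0)}


@dataclass
class Device:
    """Fields assumed to be reported by the MDM agent for each enrolled device."""
    device_id: str
    platform: str
    os_version: str
    jailbroken_or_rooted: bool
    screen_lock_enabled: bool
    storage_encrypted: bool


def parse_version(text: str) -> tuple:
    """'16.6.1' -> (16, 6, 1); non-numeric suffixes in a component are ignored."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if digits:
            parts.append(int(digits))
    return tuple(parts)


def evaluate(device: Device) -> list:
    """Return the list of policy violations; an empty list means the device is compliant."""
    violations = []
    if device.jailbroken_or_rooted:
        violations.append("device is jailbroken or rooted")
    if not device.screen_lock_enabled:
        violations.append("no screen lock configured")
    if not device.storage_encrypted:
        violations.append("storage encryption disabled")
    minimum = MIN_OS_VERSION.get(device.platform.lower())
    if minimum is None:
        violations.append(f"unsupported platform {device.platform!r}")
    elif parse_version(device.os_version) < minimum:
        violations.append(
            f"OS {device.os_version} below minimum " + ".".join(map(str, minimum))
        )
    return violations


def gate(devices) -> dict:
    """Map device_id -> 'allow' or 'deny: <reasons>'; deny is the default on any violation."""
    decisions = {}
    for d in devices:
        v = evaluate(d)
        decisions[d.device_id] = "allow" if not v else "deny: " + "; ".join(v)
    return decisions


# Constructed sample inventory (not real devices).
SAMPLE_DEVICES = [
    Device("ios-001", "ios", "17.0.3", False, True, True),
    Device("android-002", "android", "12.0", True, True, True),
    Device("ios-003", "ios", "16.5", False, False, True),
    Device("android-004", "android", "14", False, True, False),
]

if __name__ == "__main__":
    for dev_id, decision in gate(SAMPLE_DEVICES).items():
        print(f"{dev_id}: {decision}")
```

The gate denies on any single failed check and reports every reason, so the help desk sees the full list rather than the first failure; compliance should be re-evaluated on each check-in, not only at enrollment, because a device can be rooted or have its lock removed after it was admitted.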

7. User Education, Awareness, and Training

It is important to educate users on the benefits and risks of BYOD. Do not assume that your employees understand the risks of BYOD and the expected ways of working: use dedicated BYOD training and awareness sessions to articulate benefits and risks in a clear, concise, and contextual manner. Regularly communicate and keep the workforce abreast of the threat and risk landscape using plain and simple language.

Stupa brings to you a leading cyber security awareness course that is Conscious, Contextual, and Consumable to deliver the desired outcome. We aim to raise awareness and reduce risk by empowering your employees to improve their cyber well-being.

8. Trusted network and VPN for connectivity

Enforcing a VPN connection should be mandatory so that all interactions with the corporate network are encrypted and authenticated. Configure either a device-level VPN or a per-app VPN for the corporate apps, and do not let those apps reach the corporate network outside it. This protects traffic on untrusted networks (public Wi-Fi, home routers) against man-in-the-middle attacks and DNS spoofing used to inject malware.

9. Periodic re-authentication

Re-authentication on a regular basis confirms that the person holding the device is still the legitimate user. A device stolen or compromised during an authenticated session would otherwise give the attacker unlimited access, so a session that never requires re-authentication is a security vulnerability. Management suites can force re-authentication after a configured period.

Even better is to monitor user behavior analytics as part of your wider operational security to proactively detect and respond to security events (suspected/actual).

10. Restrict access to third-party applications

If third-party software tries to access data on the organizational network, it must be blocked. Establish a proper sandbox on the device (a work profile or managed container) for organizational apps and data, and prohibit copying from the managed container to unmanaged apps and networks (clipboard, share sheet, backups).

11. Data ownership post-employment

When an employee exits the organization, their access to corporate data and the network from BYOD devices should be revoked and corporate data on the device wiped. Include this as part of your organization’s standard Joiners, Movers, and Leavers process.

12. Geo-fencing

MDM allows for geo-fencing: when the device is in a particular region, some features can be restricted or allowed. For example, the camera can be disabled inside the office building. Similarly, certain applications can be made accessible only outside the company's network.

BYOD is pivotal in amplifying agility, efficiency, and productivity at workplaces with the shift in consumption of digital technologies and ways of working globally. However, not having a properly defined policy and appropriate endpoint management technologies in place to administer BYOD in your network can be catastrophic. Furthermore, the lack of appropriate user awareness programs to educate and train employees can amplify the impact on the organization at all levels - commercial, regulatory, technical, and reputational damages.

Stupa is a practice-led independent information security strategic consultancy and advisory service with a proven record of accomplishment at industry leadership levels. Our industry expertise can support your BYOD policies and the understanding and configuration of your endpoint management technologies.
