Your company is exploring the possibility of allowing employees to use their own mobile devices for their work and connect to the internal company network

Computer Science

Your company is exploring the possibility of allowing employees to use their own mobile devices for their work and connect to the internal company network. In your role as the CSO, the CEO has asked you to brief her on what steps can be taken to implement a BYOD policy while reducing the overall risk to the organization as much as possible.

Write your talking points for the CEO, including the associated risks with BYOD, potential security countermeasures, and your initial thoughts on how you would test their implementation to assess the overall risk level. This can be in paragraph form or a bulleted list of your talking points.

Reply to a classmate

lasha may

Hello Professor & Class,

Security and privacy are risks faced by both organizations and employees in different ways. Organizations tend to be more concerned about the security of corporate data (and how user behavior threatens it). Employees are more concerned about the privacy and confidentiality of their personal data (and what rights their employers have to access it).

Security risks:

Local exposure – Loss of control and visibility of the enterprise data which is being transmitted, stored, and processed on a personal device. One of the inherent downsides to BYOD.

Data leakage – Potential data leakage or disclosure of enterprise data from an unsecured device

Data loss – Physical loss or theft of a device (and thereby loss or compromise of sensitive data)

Public exposure – Susceptibility to man-in-the-middle attacks and eavesdropping at public wifi hotspots often used by remote workers. Connecting to personal area networks, e.g. using Bluetooth, poses similar security risks.

There are a number of measures organizations can take to mitigate BYOD risks: A comprehensive strategy is the best approach, albeit taking cognizance of your organization’s Who, What, When, and Where BYOD usage. Comprehensive should include pairing solutions that work best when implemented in tandem, like MDM and NAC. In addition, solutions should include practical rules that aren’t intrusive or petty. For instance, if your DLP tool identifies an outgoing email that contains the word “confidential” it may be overkill to wipe a user’s message outright. Instead, flag it for a follow-up investigation. (See Remote wipe below.)

Remote wipe – Is the facility to remotely delete data from a device. This includes overwriting stored data to prevent forensic recovery, and returning the device to its original factory settings so any data ever on it is inaccessible to anyone, ever.

Risk profiling – Organizations need to understand their own requirements for data protection and compile a risk profile. This is especially true in regulated environments where there may be compliance requirements. For instance, international deployment and compliance requirements are two scenarios where BYOD risk levels are particularly high.

 

Answer Preview

Part A

How to adopt a BYOD policy securely

 

There is a wealth of technologies available to ensure the safety of employee-owned devices. To ensure appropriate (and safe) BYOD use inside a company, a clear policy and broad acceptance are required. To mitigate the risks associated with BYOD, I suggest the following:

  • Establish distinct networks for staff devices: Employees often bring their gadgets to work and use them for business-related activities, especially their mobile phones, in order to connect to free Wi-Fi and avoid utilizing their data plans throughout the day.
  • Educate your employees about security: The overwhelming majority of BYOD security risks are exposed inadvertently. Unbeknownst to the employee, their personal phone may be infected with a virus. When they connect to a network, the infection may spread unintentionally to other computers, presenting a significant security concern.

 

BYOD Risks:

  • Data Leakage - When employees use personal devices to access business email or protected payroll information, data leakage is a risk.
  • Inadequate Management - There are dangers involved with losing control of any device, whether it is used by an individual or the business. When an endpoint leaves your workplace, it's impossible to predict whether it will be utilized on unauthorized open wifi networks or will be lost or stolen.
  • Infection with Malware - The overwhelming majority of mobile phone users are clueless that their system has been infected with malware. They may not read the terms of service on new applications or think carefully about giving up too many rights when downloading new material.
  • Combining Individual and Business Use - Combining individual and business use is an inevitable consequence of BYOD. You have no control over whether employees shop on hacked websites or lose their laptops.

Countermeasures:

  • BYOD policies should be transparent about who owns apps and data, as well as which applications are permitted or banned.
  • Encrypted, password-protected data should be transmitted exclusively for company-mandated purposes.
  • A review of your existing capabilities will assist in identifying and closing these gaps, ensuring the success of your BYOD initiative.

Part B

Reply to Classmate

 Hello there,

I agree with lasha may that security issues are very concerning, and this is the main reason why many companies have not adopted BYOD. As a result, this is the primary shortcoming of BYOD. Employee devices will not have the same level of protection as an organization's equipment, and any security measures installed on a personal device will be insufficient to defend against corporate data theft or network access. Furthermore, personal devices often lack adequate authentication, since robust authentication methods may be a barrier when utilized for non-work-related activities. They may only use a single-factor authentication method, which is almost always a password, posing a significant danger to businesses. Even if devices support biometric authentication, they nearly always include a password as a backup, which hackers may easily break.

To mitigate the dangers associated with BYOD, a corporate policy should be implemented. Policy development is critical for a company using BYOD. However, prior to adopting a policy, stakeholders – including workers – should be consulted. Increased staff training is a critical step in mitigating the hazards connected with BYOD. The bulk of cybersecurity incidents are the result of trusted workers, with the majority being the result of human mistake. Personnel must read and sign the company's Bring Your Own Device Policy to improve their understanding of the subject and the dangers connected with it, some of which they may easily avoid.

 
