BYOD policies complicate cyber security for SMBs

A number of small and medium-sized businesses have adopted a bring-your-own-device policy, but by doing so many SMBs may be exposing themselves to undue risk.

Small and medium-sized businesses (SMBs) already have plenty to think about in terms of implementing a layered security system complete with application control software. However, one trend may be complicating their efforts.

Many SMBs have been turning to cloud-based solutions, allowing for information to be accessed from just about any internet-enabled device, including technology not owned or wholly run by the organization. A number of businesses have adopted a bring-your-own-device policy as a way to increase efficiency while also cutting costs, but by doing so many SMBs may be exposing themselves to undue risk.

According to a report conducted by Osterman Research earlier this year, companies with a BYOD policy may not be doing enough to protect their networks from hackers and malware. The research found that more than 4 percent of devices used are infected every month, which means that more than 52 percent of endpoints experience issues annually.

Over the past five years, the number of web-based cyber security breaches has increased by 35 percent, and email-related issues have risen by 12 percent during that period, according to the report. Plus, SMBs have to worry about data loss and hardware theft as well. Those who failed to implement the proper security measures have paid the consequences, as more than $1 billion was stolen from SMB accounts last year.

Barriers to secure BYOD
Despite all of the threats that abound with a BYOD policy, SMBs are not taking the correct precautions because of cost and time concerns. The report found that organizations are spending, on average, $2,400 in IT labor costs to secure one endpoint, which comes out to more than $72,000 a year.

Proper BYOD security costs SMBs time as well. According to the report, the average IT staff member spends about 72 minutes securing each endpoint, which perhaps helps to explain why one IT employee on average manages 33 mobile devices.

Tips for securing a BYOD network
Despite all of the cyber security issues that seem to surround BYOD-enabled SMBs, according to eWeek there are a number of steps a firm can take to make sure it stays safe from malware and other online threats.

Starting off, a business should conduct an audit of its BYOD policy to determine its current state of affairs. This can help an organization discover security loopholes, and then the next steps needed to patch them on the multitude of devices used. According to eWeek, this should not be a one-time process, but rather a step SMBs conduct on a regular basis to ensure its practices are always up to date.

Once an audit has been conducted, eWeek recommended that SMBs implement a standard for what software and applications its employees should be using. This should cover not only what programs to avoid, but also application control and system restore software.

Another step that SMBs can undertake to ensure the safety of their network is to make sure their cloud solutions are not presenting any risks. By encrypting data and regularly updating cloud security measures, businesses can concentrate their cyber security resources into one endeavor instead of trying to target all endpoints, according to the research.

What steps do you think SMBs need to undertake to make sure a BYOD policy does not expose their systems to harm? Are SMBs better off focusing on endpoint security or cloud security? Leave a comment below to let us know what you think about this issue!

Scott Cornell

When he’s not knee deep in blogging and all things tech, Scott spends his free time playing ultimate Frisbee and watching foreign films. An expert in emerging tech trends, Scott always has his ear to ground for breaking news related to IT security.