UK Cybersecurity Agency Releases New BYOD Guidance
Also, Bitdefender Report Reinforces Need for Cyber Hygiene When Using BYOD
The United Kingdom's National Cyber Security Center has published updated guidance for employees using their personal devices for work, amid a prolonged work-from-home setting.
The agency, which says that the pandemic-induced remote working setup has made cyberthreats "ubiquitous," offers in the guidance technical controls for different types of bring-your-own-device deployments.
It also offers advice for organizations on whether BYOD is right for their employees, what to consider in BYOD policy-making and deployment, the method of deployment, and the necessary infrastructure.
According to the NCSC, security challenges with BYOD include:
- Compliance of personal devices with company policies and procedures;
- Compliance with legal and contractual obligations;
- Supporting a wider range of device types and operating systems;
- Protecting official data and corporate infrastructure;
- Maintaining privacy controls of the end-user or device owner.
Zero Trust and BYOD
The NCSC also details how the zero trust architectural approach fits into the BYOD agenda.
"Frequently, the concept of zero trust is brought up in conversations about BYOD deployments, but there are many misconceptions about what zero trust is," according to the NCSC. Several BYOD technical controls, it says, are similar to those used in zero trust architecture, but there are important differences.
"Just having BYOD mechanisms in place does not mean that you are automatically able to migrate to zero trust, or that any zero trust architecture you have in place is ready for BYOD deployments," it says.
Although zero trust is maturing quickly, it must overcome challenges before it can be suitable for everything and everyone, the agency says, adding that organizations must study zero trust principles and the blogs on its website that provide a comprehensive overview.
The Need for Cyber Hygiene
Cybersecurity services provider Bitdefender released a report on Oct. 5 detailing how basic cybersecurity hygiene practices are lacking among consumers who use smartphones and other BYOD items.
According to the report, 23% of the surveyed individuals used at least one work device to access personal online accounts.
Passwords: Half of the surveyed individuals said they used the same password across all online accounts while 27% of the total used passwords such as "1234" to lock their mobile phones and 11% did not lock their mobile phones at all. About half of the surveyed users said they just memorized account details, while about one-third relied on their devices' autofill option and about one-quarter wrote them down or used a password manager, according to the report.
Device Security: Thirty-five percent of the respondents, according to the report, said they did not use antivirus software on their mobile phones. Thirty percent believed that mobile phones did not need it, 22% felt the software was too expensive, and 16% were under the impression that security was already built into their devices. An average of 41% said they did not use private browsers and 52% did not use a VPN.
These statistics come alongside the revelation that a majority of the respondents - 61% - experienced at least one mobile cybersecurity threat in the past 12 months. The report says that unsolicited texts and calls made up 36% of the attack vectors, while phishing accounted for 23% and data breach for 12%.
Fifty-one percent of the participants said they know how to change internet browser privacy settings, while 46% said they read privacy policies before signing up for new accounts, according to the report. And 46% of the participants said they disliked choosing new passwords for each new account, while 38% did not like it if they were required to use multifactor authentication, says the report.
Cybersecurity, according to Bogdan Botezatu, director of threat research and reporting at Bitdefender, can be strengthened by understanding consumer online security behavior trends.
“Cybercriminals continuously explore new ways to exploit human weaknesses to steal sensitive data, extort money, or gain a foothold inside systems. By understanding everyday cybersecurity practices, we can better gauge potential risks and vulnerabilities,” he says.