BYOD Cybersecurity risks

To establish security solutions and regulations that minimise risk, organisations must first understand the scope of the possibilities that BYOD presents.

Example: Mobile phones

BYOD devices such as mobile phones present extraordinary opportunities for attackers. Many mobile phone features enable employees to use personal phones (and tablets) for work instead of the official, centrally monitored work PCs. In many circumstances this behaviour promotes flexible working habits and is welcomed by employers, especially for email communications, travel-related work, and after-hours connectivity.

Capabilities of mobile phones:

  • Constant connectedness.
  • Sensors (camera, microphone, GPS).
  • Mobility (revealing user behaviour, workplace location).
  • App distribution platforms with inadequate security.
  • Access to the telephone network, the internet, cloud services, Bluetooth devices, and private networks.
  • Unpatched vulnerabilities.
  • More processing power than many office computers.
  • Non-technical and inexperienced users trust their devices more than they would a computer.

Furthermore, cell phones, which are frequently lost or stolen, are increasingly being used as second-factor tokens in multi-factor authentication (MFA). This gives thieves access to both the first factor (username and password) in cache memory and the second factor (unique identification connected to the phone) on the same device. This completely violates the concept of two independent authentication factors. Many banking Trojans take advantage of this MFA design flaw, installing malware on the phone to intercept both factors. Most BYODs are managed by the SOC (Security Operation Centre).
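
The loss of factor independence described above can be checked for in authentication logs. The following is an added example, not part of the original article: it flags logins where the password and the one-time code were both presented from the same device. The event schema (ts, user, factor, device_id), the factor names, and the five-minute window are assumptions, and the log lines are constructed.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events; the schema (ts, user, factor, device_id) is an assumption.
SAMPLE_LOG = """\
{"ts": "2024-05-01T08:00:05", "user": "alice", "factor": "password", "device_id": "phone-A1"}
{"ts": "2024-05-01T08:00:20", "user": "alice", "factor": "otp", "device_id": "phone-A1"}
{"ts": "2024-05-01T09:10:00", "user": "bob", "factor": "password", "device_id": "laptop-B7"}
{"ts": "2024-05-01T09:10:30", "user": "bob", "factor": "otp", "device_id": "phone-B2"}
{"ts": "2024-05-01T10:00:00", "user": "carol", "factor": "password", "device_id": "phone-C3"}
{"ts": "2024-05-01T12:00:00", "user": "carol", "factor": "otp", "device_id": "phone-C3"}
{"ts": "2024-05-01T12:30:00", "user": "dave", "factor": "otp", "device_id": "phone-D4"}
"""
FIELDS = {"ts", "user", "factor", "device_id"}
WINDOW = timedelta(minutes=5)  # assumed maximum gap between the two factors of one login

def parse_events(text):
    """Parse JSON-lines auth events, skipping blank, malformed or incomplete lines."""
    events = []
    for line in text.splitlines():
        try:
            ev = json.loads(line)
            if not (isinstance(ev, dict) and FIELDS.issubset(ev)):
                continue
            ev["ts"] = datetime.fromisoformat(ev["ts"])
        except (ValueError, TypeError):
            continue
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])

def same_device_logins(events, window=WINDOW):
    """Return (user, device_id, ts) for logins whose two factors share one device."""
    last_password = {}  # user -> most recent password event not yet paired
    findings = []
    for ev in events:
        if ev["factor"] == "password":
            last_password[ev["user"]] = ev
        elif ev["factor"] == "otp":
            pw = last_password.pop(ev["user"], None)
            if pw is None or ev["ts"] - pw["ts"] > window:
                continue  # no first factor close enough to pair with
            if pw["device_id"] == ev["device_id"]:
                findings.append((ev["user"], ev["device_id"], ev["ts"].isoformat()))
    return findings

if __name__ == "__main__":
    for user, device, ts in same_device_logins(parse_events(SAMPLE_LOG)):
        print(f"{ts} {user}: both factors presented from {device}")
```
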