In just a matter of weeks, the COVID-19 pandemic has radically altered the landscape of work. Many employees are accessing their employers’ software platforms and apps from home, and for companies large and small, this new reality introduces unique security challenges. Given remote workers may rely on their own mobile devices for these tasks, the combination of work-from-home and BYOD (Bring Your Own Device) opens employees and companies to risk.
Against this backdrop, security is paramount. Even before the pandemic, CIOs and IT managers were awakening to the idea that remote work required them to think about security in a more holistic way. The good news is that many of the same BYOD security strategies that were relevant pre-COVID-19 are just as applicable, if not more so, to the current moment.
The remote employee factor
“Security is increasingly less about the perimeter—about creating walls around data and infrastructure—and more about leveraging technology to protect your data wherever it exists,” says John Loveland, Verizon Enterprise Solutions’ Global Head of Cyber Security Strategy and Marketing.
According to recent Verizon research, 45% of surveyed businesses admitted their defenses were falling behind attackers’ capabilities, while only 13% said they combined regular security testing, data encryption, need-to-know access and no-default passwords.1
The need for heightened awareness across remote workers’ devices couldn’t be clearer, Loveland argues. “It’s about having increased visibility into those devices—not from an intrusion standpoint, but to flag and identify incidents and compromises, regardless of where the devices may be in your infrastructure.”
Verizon has also learned that users are significantly more susceptible to social attacks they receive on mobile devices than on laptops or desktop computers, and more than half of small to medium businesses have no IT support on staff.2 The so-called attack surface grows broader every year, and COVID-19 is supercharging this trend, with mobile phishing scams proliferating and being flagged to authorities.
The more often remote employees use their own devices for work, the greater the chance that bad actors can find a foothold.
The median computer data breach costs a company $7,611, while the median business email compromise is more than triple that sum, at $24,439. Meanwhile, the largest breaches can easily reach into the seven and eight figures. And while breaches occur in an instant, 56 percent of them take months or longer to discover.3
That asymmetry is stark, but it also provides a strong incentive to develop smart, effective defenses.
"The average time it takes to penetrate an environment is seconds and minutes, whereas the average time to detect and respond to a breach is measured in weeks, months, even years," Loveland says. "If you can shrink the time between compromise and detection and between detection and response, you have an opportunity to mitigate any associated damage. It’s the difference between a security incident being a nuisance, and it being on the front page of every major newspaper."
A BYOD security playbook
When it comes to protecting BYOD employees—and by extension, your own business—there are a number of tactics to consider.
Education: The single most important element in keeping data safe is education. Keep employees informed not only about what they should do, but why they need to do it. A BYOD handbook should include best practices such as enabling two-factor authentication and requiring VPN login to apps and programs containing sensitive information.
Intelligent monitoring: Cyber Risk Monitoring can provide companies with a baseline of preparedness from a security and risk-score perspective, while also helping them monitor processes where personal data might be unintentionally exposed.
A mobile safety net: Encouraging employees to give IT departments a list of the personal devices they use for work can help locate vulnerabilities more quickly. The installation of mobile device management software may make it possible to secure data in the event a device is lost or stolen—a fate of 46,002 devices every day.4
The COVID-19 pandemic will keep millions of workers logging on from home, but that's simply accelerating the trend of employees working outside a traditional office. Beyond the current moment, the rise of machine learning and AI, IoT technologies, as well as edge and cloud compute are making cybersecurity foundational for the real-time enterprise. The security measures undertaken now have the potential to pay dividends in the future.
"Whenever there’s an incident—whether it’s sitting on network, in a cloud app or on somebody’s mobile device—as a business owner I’d want to be able to spot that vulnerability, look at it and address it in a much more holistic, integrated way than I’d have been able to in the past," Loveland says. The current moment is inviting far-sighted businesses to develop an end-to-end security posture that helps them and their employees, wherever they may sit, be ready.
Number of records compromised due to config errors in cloud applications.
Approximate percentage of surveyed organizations that reported having experienced a mobile-related compromise.
Percentage of surveyed companies that did not have an acceptable use policy in place.
Source: Verizon Mobile Security Index 2020.
1 Verizon Mobile Security Index 2020.
2 Parks Associates, Technology Needs of Today's SMBs, 2018.
3 2019 Verizon Data Breach Investigations Report.
4 Asurion Claims Data and CTIA Wireless Customer.