Do you have a plan for when an employee brings their phone, or other personal devices, to work and connects them to your network? Have you even thought about it? Do you have a policy and the network infrastructure in place to deal with this scenario?
For a moment, think about this. Scenario 1: a worker connects to your network, then decides to click on a cute cat video link; this link runs some malware. What now? Scenario 2: an employee finds a USB drive at home, or is handed one at a conference, and decides to plug it into a work terminal. Suddenly you are infested. Don't think it can't happen: this is how Stuxnet was introduced into its target.
So what is an organisation to do? You can tell your employees they cannot use their own devices. Albeit effective, this is not very practical, and not all that user friendly for your employees. As with most problems, a mixed approach is often better.
1. Make sure all BYODs are updated to the latest firmware. Spectre and Meltdown are examples of good reasons to keep devices up-to-date.
2. All devices can and should have anti-virus software. This is not universally accepted, but the more barriers you have, the better.
3. Wall off the internal network so that only vetted devices can reach it, and keep unvetted users, whether employees or customers, outside.
4. Use mobile device management technology to create a virtual partition in each device that separates work data from personal data.
5. Develop a data/security policy that considers BYOD.
6. The same security policy that applies to company equipment should be extended to BYODs, such as screen locking and strong passwords.
7. Teach and train your employees about prevention, for example not opening suspicious links, emails, and files.
This is not an exhaustive list, but it is a good start to approaching the topic of BYOD. As devices multiply and become ubiquitous, not just at home but in the office, we need to address these issues now. As always, it is a balance between security and usability. Don't forget your users when designing systems and policies.