fbpx Skip to main content

Mixing BYOD with corporate networks

By August 10, 2020August 21st, 2020Infrastructure, Leadership, Managed Services
Mixing BYOD with corporate networks

It has often been the goal of IT staff or IT support to make technology work for customers. No matter the request, if there was a way to make it work, it was a success. However, with the rise of cybersecurity breaches we have had to rethink that approach. While we do want to make technology work, we must now consider the security ramifications of our actions. Just because we can, doesn’t mean we should.

And this leads us to BYOD or “Bring Your Own Device”.

BYOD is the practice of adding unmanaged external or personal devices into a corporate network environment. This commonly takes the form of adding employees’ personal computers, laptops, mobile phones, or tablets to the company’s network. The request to add a personal device is often phrased innocuously: “Can I connect my phone to the office Wi-Fi network? I need the internet.” Or “I’m using my home laptop today and I need to access my work files.”

But there are certainly security ramifications of simply adding these devices. This is why businesses and organizations are urged to have a BYOD policy to deal with these sorts of requests. What will or won’t be allowed to connect to the corporate network? What should connect to the guest network instead?

Let’s talk about OXEN’s philosophy concerning BYOD and what we recommend as a best practice. What are the risks of BYOD?

The Risks of Personal Devices & BYOD

Despite the superficial similarity, personal devices are often very different from company devices. They’re used differently, treated differently, and protected differently.

Personal Use

Personal use computers are typically used differently from work computers. In most cases, these devices are used for a wider range of reasons: from personal email, to social media, to researching a hobby, personal finance use, and entertainment. Because of this wider range of use, and typically more adventurous use, the likelihood of coming across malware, viruses, or exposure to remote control of the machine is higher.

Certainly, this risk depends on the individual using the machine, but generally, more risk is involved in personal use computing. This leads to more risk of an infected/compromised machine impacting your corporate network.

No Enforced Protection

Even if a personal PC is on the latest operating system, personal computers lack the security protection provided by most corporate networks. For example, in OXEN-managed networks, there are standard policies in place, anti-virus and anti-malware installed, and patching updates performed on corporate machines to help protect the environment. These programs and updates are monitored and enforced to ensure that protection is at its best. Personal computers rarely have such security measures in place, or to the level expected in a corporate environment.

What’s the impact if these vulnerabilities are exploited?

Given the vulnerabilities personal devices have, how can they be exploited? What’s the impact if a personal device on your corporate network were to be hacked or infected?

  • Attackers can bypass your protections. Because personal use computers have a greater risk of being compromised, it is important to consider the implications of a compromised personal computer being on the corporate LAN. It is possible that a personal PC could be compromised at home our outside the network. Often hackers will set up remote access capabilities to control a computer. If that computer is brought into the corporate network, that hacker now has access to corporate resources, completely bypassing the firewall used to protect the company from internet attacks.
  • Lack of device management hinders response. Responding to an incident when OXEN does not manage the device is also more difficult. There is no monitoring agent on a personal device. It is essentially a rogue device, likely to remain unknown for a longer amount of time. This delays resolution and can give hackers more time to cause more damage.
  • Contractual obligations become murky. A personal device infecting the corporate network would not be covered under contract. Likewise, even though the corporate network is generally more secure, if a compromise were to happen on a corporate device, and infect a personal computer, that would also not be covered. Regardless, it sets us up for a less than desirable outcome that we would all like to avoid.

How to Make BYOD Exceptions

It is possible to make exceptions and to have a safe BYOD policy in your environment.

Guest Networks

It would be acceptable and even preferred to bring a personal computer to the office if it is isolated on a guest network that does not have access to corporate resources. This is desirable because it could potentially mean less mixing of personal and business use on a corporate machine.

Zero Trust Networks

If you want to implement a BYOD network, you should take a “zero trust” networking approach. This means that you consider every device hostile. Nothing is trusted. This means beefing up security for access to company resources. In most cases if you are on the office network your device is trusted. That makes things easier to “use”, but it also makes it easier for a hacker to “misuse” that trust.

Conclusion

Ultimately, security is best done through uniformity, centralized control, and monitoring. Anything that pushes against those things will create more risk.

While there is no cookie cutter approach to BYOD, it is commonly recognized as bad practice to mix personal and business devices on the same network. There is typically a better solution to be implemented. Identify the reason for wanting to bring a personal machine in, and then let’s talk about how we can achieve that without more risk being added.


business growth and expansion

The Role of Current Technology in Business Growth and Expansion

| Business Productivity, Managed Services, Security | No Comments
Business growth and expansion entail a lot of work in all the different areas—logistics, finance, research, and technology. Technology plays a key role because practically all aspects of business rely on it. In our last few blogs, we have been talking about some benefits that small business owners can get out of integrating the right technology into their business, especially during expansion, downsizing, or switching from a remote work setup to a hybrid work environment. Attracting and Retaining Talent for Business Growth and Expansion For any SMB, attracting and keeping enterprise talent is quite an achievement. But, of course, it…
How Your IT Company Affects Customers

For Better or For Worse: How Your IT Company Affects Your Customers

| Business Productivity, Managed Services | No Comments
How Your IT Company Affects Customers is very important to keep your business operations in good hands. Most processes today rely on technology, so you need a provider to keep up with the times and ensure everything goes smoothly. But do you realize how your choice of IT company also affects your customers? The level of customer satisfaction might be one of the most revealing gauges of how efficient your IT company is. How Your IT Company Helps Affect Your Delivery of Better Service to Customers Although your IT provider does not have direct contact with your customers, the tasks they take…
Self-Help Kiosks

Self-Help Kiosks vs. Human—The Pros and Cons

| Business Productivity, Managed Services | No Comments
Self-help kiosks are becoming more commonplace by the day. There used to be a time when a business would consider it extremely high-tech if they had touchscreen monitors installed. But today, you can find these kiosks in many establishments. A self-help kiosk is an interactive screen that gives information or provides a service with a simple touch. They are extremely versatile and used in a wide range of applications. They are popular in fast-food chains, bus stations, and banks. What Are the Pros of Self-help Kiosks? There are plenty of benefits to self-help kiosks, which is why companies are all…