
Running head: MOBILE DEVICES IN THE BYOD ENVIRONMENT 1

Vulnerability Assessments for Mobile Devices in the BYOD Environment

Name

Institution

Mobile devices are increasingly becoming part of many people's personal lives, and many organizations are realizing that their employees increasingly desire to utilize both corporate-provided devices and their own personal mobile devices to perform work. Organizations find it impossible to physically block the use of these mobile devices since they serve both work and personal purposes. However, they need to control these devices since the current economic environment demands productivity from employees. Therefore, having a secure mobile program, bring your own device (BYOD), provides a better option that enables personal devices to be used safely in a work setting.

The major cybersecurity issues related to BYOD

BYOD brings about a major expansion of security risk since there is a wide variety of devices as well as a huge number of devices. A BYOD implementation will invariably encompass a wider range of device kinds, and the same level of security controls that was applied to a single device type will have to be replicated across all hardware and software combinations of the different types of devices. This results in differing levels of effectiveness among the devices. More often, employees have more than one device, and they connect multiple devices to the organization's infrastructure. This raises the total number of devices that need to be secured. Consequently, security controls may be inadequate to implement security consistently and effectively across the entire network of devices. This happens even in an environment controlled by a functional mobile device management solution, since vulnerabilities in the device operating system or apps may defeat the existing controls on the devices (Paganini, 2016).

Policy controls recommendations

Secure the employees' devices by evaluating device usage scenarios and investigating leading practices to mitigate all risk scenarios. Put in place a mobile device management product to strengthen policies and to monitor usage and access. In addition, implement minimum industry-standard security policies such as device encryption, remote wiping, PIN code authentication and failed login attempt actions. Create and set a security baseline in order to certify hardware and software for enterprise use. Also, categorize trusted and untrusted device access through layered infrastructure, and implement robust authentication and access controls for vital business apps. Incorporate mobile device risk into the enterprise's awareness program.
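
The security baseline and the trusted/untrusted split described above can be expressed as a device posture check. This is an added example, not part of the original paper; the thresholds, field names and sample inventory are assumptions, since the paper names the controls but gives no values.

```python
from dataclasses import dataclass

# Assumed baseline: the paper names these controls but sets no thresholds.
BASELINE = {
    "min_pin_length": 6,
    "max_failed_logins": 10,  # attempts allowed before the lock/wipe action
    "min_os": {"android": (13, 0), "ios": (16, 0)},  # certified platforms
}

@dataclass
class Device:
    owner: str
    platform: str
    os_version: tuple
    encrypted: bool
    remote_wipe: bool         # enrolled for remote wipe through the MDM
    pin_length: int           # 0 means no PIN is set
    failed_login_limit: int   # 0 means no failed-login action is configured

def baseline_gaps(d, baseline=BASELINE):
    """Return the baseline controls this device fails, in a fixed order."""
    gaps = []
    if not d.encrypted:
        gaps.append("device_encryption")
    if not d.remote_wipe:
        gaps.append("remote_wipe")
    if d.pin_length < baseline["min_pin_length"]:
        gaps.append("pin_authentication")
    if not 0 < d.failed_login_limit <= baseline["max_failed_logins"]:
        gaps.append("failed_login_action")
    min_os = baseline["min_os"].get(d.platform)
    if min_os is None or d.os_version < min_os:
        gaps.append("uncertified_platform")
    return gaps

def access_tier(d):
    """A device is trusted only if it meets every baseline control."""
    return "untrusted" if baseline_gaps(d) else "trusted"

def fleet_report(devices):
    """Group results per owner, since one employee may enroll several devices."""
    report = {}
    for d in devices:
        report.setdefault(d.owner, []).append(
            (d.platform, access_tier(d), baseline_gaps(d)))
    return report

# Constructed sample inventory (not real data).
SAMPLE = [
    Device("alice", "ios", (17, 2), True, True, 6, 10),
    Device("alice", "android", (12, 0), True, True, 4, 0),
    Device("bob", "kaios", (3, 0), False, False, 0, 0),
]
```

The tier would feed whatever enforces the layered access, and the gap list tells the support team what the user has to fix before the device can be certified.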

Counter app risks by utilizing mobile anti-virus solutions to safeguard the organization's malware-prone BYOD mobile software. Ensure mobile app development addresses security processes, and manage apps via a reliable app store (a mobile app management solution). App risks can also be mitigated by regularly assessing the need for new apps in order to increase productivity and security.

Manage support for BYOD devices by creating and implementing a proper BYOD support and usage policy. Improve the current support processes to encompass secure provisioning and wiping of devices. Also, create an education workshop or process to sensitize users to the importance of updating their mobile devices. Supplement the existing IT support team with a social support platform and introduce an employee self-service support portal or solution.

How Human Factors influence the effectiveness of the policy controls

The human factor is the fundamental reason why many attacks are successful, since employees underestimate the severity of potential threats. Employees are generally distracted by these devices and become ignorant, leading to high-risk practices in terms of security; hence the need to define rules and establish policy controls to be followed in conditions that expose the user to risk.

The main goal of technology in an organization is to bring about business value. A complete lockdown on the usage of mobile devices and personal devices may to some extent reduce security risks, but such restrictive policies may discourage adoption of new technologies or promote workarounds. Such controls may drive some employees to use unsafe or risky alternatives to get the much-needed flexibility and access they have previously experienced. In such cases, both the policy and the program will be unsustainable.

Policy controls in place require strict adherence to security protocols in the event of a security breach. Such security incidents occur at high speed and require a quick response. In most cases, the incident management process is slow and cannot cope with the threats since it takes place at human speed. The actions users need to take to respond to a security incident are characterized by human latency, further exposing the organization to more risk due to failure to apply deterrence measures on time (Winnefeld, Kirchhoff, & Upton, 2016).

The incorporation of social media and mobile platforms in an organization's core business functions represents a privileged target for attacks since intruders use them to implement fraud schemes. Organizations have a wide range of circumstances in which the services accessed depend on social media. Since social media becomes a point of aggregation of different kinds of information, it becomes difficult for policy controls to determine proper use of these services.

Works cited

Giaffreda, R., Caganova, D., Li, Y., Riggio, R., & Voisard, A. Internet of Things. IoT Infrastructures (1st ed.).

Paganini, P. (2016). Why humans could be the weakest link in cyber security chain?. Security Affairs. Retrieved 1 December 2016, from http://securityaffairs.co/wordpress/9076/social-networks/why-humans-could-be-the-weakest-link-in-cyber-security-chain.html

Silvestri, G. (2015). Citrix XenDesktop® Cookbook - Third Edition (1st ed.). Birmingham: Packt Publishing, Limited.

Winnefeld, J., Kirchhoff, C., & Upton, D. (2016). Cybersecurity's Human Factor: Lessons from the Pentagon. Harvard Business Review. Retrieved 30 November 2016, from https://hbr.org/2015/09/cybersecuritys-human-factor-lessons-from-the-pentagon
