More and more SMEs are adopting the policy which allows people to bring in their own laptops and tablets to work on – giving them access to emails, fileservers and databases.
The policy is aimed at making people more productive and reducing overheads for SMEs, but Smoothwall’s experts warn it can put businesses at major risk from cyber-threats and possible legal action.
Smoothwall which has its headquarters in the UK and operates to protect business and governments worldwide, said that the speed new malware is being released at now exceeds the rate at which legitimate software is produced.
It said that meant there were millions of devices out there containing spyware, adware, viruses, worms, Trojan horses, rootkits and other malicious software.
Richard Moore, Smoothwall’s Chief Executive, said: “Obviously the owners of these devices have no idea this software is there and even if they have up to date antivirus and anti-malware software, it won’t protect against the very latest threats that came out that morning – often called ‘zero-day threats’.
“Whilst it may be very difficult for SME bosses to keep infected devices off their network, they can make sure that malware can’t do any damage or infect other devices.
“This means having an adequate protection system in place that will effectively ring-fence infected devices.”
Smoothwall said more than a fifth of UK firms, with an average annual IT spend of more than £50,000 had already implemented BYOD policies with the number due to grow rapidly because of users’ familiarity with their own tablets, smart phones and netbooks.
It has issued the following guidelines to help ensure safer BYOD policies.
1. Provide good quality Wi-Fi to guests, staff and students. If it is cheaper than 3G, faster and not overly restrictive then the majority will use for every day web use. If they are using your service it can be tied to the company’s authentication – and most importantly, your filtering and control policies.
2. Strengthen security at the perimeter. You can’t ensure that all devices that enter your guest network are clean and have properly maintained anti-malware. You can however protect the network using internal firewalls and use reliable anti-malware scanning of guest and user web traffic at the perimeter.
3. Use effective DfE / Becta Accredited web filtering technology. Over-blocking known safe content causes frustration – not blocking unsafe content causes distress (and potential litigation). Work with the best dynamic content filtering technology to reduce the risks.
4. Create ‘who, what, where and when’ user policies that encourage and reward responsible behaviour. Design your Acceptable Usage Policies (AUP) to have clear rules – e.g. Facebook at breaks and before & after core hours – then everybody knows what is and isn’t acceptable.
5. Review and update your policies as you go along. The web and your users’ behaviour changes constantly so you’ll need to fine-tune your service regularly.
Richard Moore added: “For many network managers the growing popularity of smart phones, tablets and other portable devices is causing a major headache.
“Many people presume the growth of BYOD is down to budget cuts in the current economic climate, because it saves money if people use their own equipment, but this isn’t necessarily the case because BYOD requires additional infrastructure and a new set of policies and procedures which means it isn’t always the cheapest option.
“However the main problem with BYOD is that mobile devices offer many of the same old fashioned threats that we’ve been fighting for years.”
