SlideShare a Scribd company logo

BYOD - Secure the data, not the device

b coatesworth
b coatesworth

This document discusses the risks and benefits of BYOD (bring your own device) policies for companies. It notes that BYOD can improve productivity and reduce costs but also increases security risks if devices are not properly secured and managed. The document provides recommendations for developing a BYOD security plan including identifying risks, forming a working group, enforcing policies, implementing remote management solutions, and periodically reassessing the program. Overall, the document advocates for a balanced approach that harnesses the benefits of BYOD while mitigating risks through governance, education, and technology solutions.

Technology
1 of 16
Download to read offline
Secure the data, not the device
Risky business - balancing BYOD risk with mobility Increased productivity Lower cost to the company Flexibility Technology Familiarity Support of many different devices No control over what is on device Increase attack surface Device Disparities
BYOD improves productivity. • BYOD support average nearly three hours of productivity gains per week. BYOD promotes business agility. • BYOD helps employees collaborate more quickly, efficiently and creatively. BYOD responds to employee demand. • Supporting users’ own devices can be a recruitment selling point. Risky business - balancing BYOD risk with mobility
Risky business - balancing BYOD risk with mobility Security enforcement. • BYOD creates more weak links that can be exploited both internally and externally. • Requires significant user education and buy-in. Management and governance. • Without governance arrangements, BYOD can quickly run out of control. • IT to actively collaborate across the organization to identify workable solutions. Direct and indirect costs. • BYOD often reduces device acquisition costs. Can increase direct costs associated with network infrastructure and complexity
Secure foundations – 7 points to building a BYOD security plan 1. Identify the risk elements that BYOD introduces • Measure how the risk can impact your business • Map the risk elements to regulations 2. Form a working group to embrace BYOD and understand the risks, including: • Business stakeholders, IT stakeholders, Information security stakeholders 3. Decide how to enforce policies for devices connecting to your network • Mobile devices (smartphones) Tablets (e.g., iPad) Portable computers (laptops, netbooks, ultrabooks) 4. Build a project plan to include these capabilities: • Remote device management, Application control, • Data and device encryption, Wiping devices when retired • Revoking access to devices when end-user relationship changes from employee to guest
Secure foundations – 7 points to building a BYOD security plan 5. Evaluate solutions • Consider the impact on your existing network • Consider how to enhance existing technologies prior to next step 6. Implement solutions • Begin with a pilot group from each of the stakeholders' departments • Expand pilot to departments based on your organizational criteria • Open BYOD program to all employees 7. Periodically reassess solutions • Include vendors and trusted advisors • Look at roadmaps entering your next assessment period • Consider cost-saving group plans if practical
In 2013 Cybercriminals made use of some exceptionally sophisticated methods to infect mobile devices. Infecting legal web resources helps spread mobile malware via popular websites - water holes. Distribution via alternative app stores. There are numerous app stores containing programs that cannot be found in Google Play. Distribution via botnets. Bots self-proliferate by sending out text messages with a malicious link to addresses in the victim’s address book. Criminals are increasingly using obfuscation, the deliberate act of creating complex code to make it difficult to analyse. Cybercriminals also exploiting the Android Master Key vulnerability and have learned to embed unsigned executable files in Android installation packages. Cyber crime
Threats from mobile devices
Trend of the year: mobile banking Trojans 2013 was marked by a rapid rise in the number of Android banking Trojans Threats from mobile devices
Collects information about the smartphone (IMEI, country, service provider, operating system language) Acquires logins and passwords to online banking accounts, and bank card information Extorts money from users by threatening to block the smartphone Monitors SMS messages and information about voice calls. Threats from mobile devices
Today, the majority of banking Trojan attacks affect users in Russia and the CIS. The cybercriminals’ interest in user bank accounts, the activity of mobile banking Trojans is expected to grow in other countries in 2014. Infections caused by mobile banking programs
Countries where users face the greatest risk of mobile malware infection
Mobile spyware, such as MobileSpy and FlexiSpy, is on the rise. In the BYOD context these spyware applications pose a huge threat because they can be installed surreptitiously on an employee’s phone and used for industrial or corporate espionage. The mobile phone is also a fully functional network device. When connected to the company Wi-Fi, has the ability to probe the network for vulnerabilities and assets. Mobile Spyware, BYOD and Corporate Espionage
Mobile Spyware, BYOD and Corporate Espionage
Mobile Spyware, BYOD and Corporate Espionage
Recap THANK YOU

Recommended

The challenges of BYOD for campus network by Leonard Raphael
The challenges of BYOD for campus network by Leonard RaphaelThe challenges of BYOD for campus network by Leonard Raphael
The challenges of BYOD for campus network by Leonard RaphaelBeamos Technologies
 
Class activity 4
Class activity 4 Class activity 4
Class activity 4 Jeewanthi Fernando
 
Importance of cyber security in education sector
Importance of cyber security in education sectorImportance of cyber security in education sector
Importance of cyber security in education sectorSeqrite
 
Top 5 Cybersecurity Threats in Retail Industry
Top 5 Cybersecurity Threats in Retail IndustryTop 5 Cybersecurity Threats in Retail Industry
Top 5 Cybersecurity Threats in Retail IndustrySeqrite
 
Mobile security management
Mobile security managementMobile security management
Mobile security managementGreystone Technology
 
5 Cybersecurity threats in Public Sector
5 Cybersecurity threats in Public Sector5 Cybersecurity threats in Public Sector
5 Cybersecurity threats in Public SectorSeqrite
 
Cyber security for women using mobile devices
Cyber security for women using mobile devicesCyber security for women using mobile devices
Cyber security for women using mobile devicesJ A Bhavsar
 
Non-profit Tech Needs in Serbia
Non-profit Tech Needs in SerbiaNon-profit Tech Needs in Serbia
Non-profit Tech Needs in SerbiaCatalyst Balkans
 

Recommended

The challenges of BYOD for campus network by Leonard Raphael
The challenges of BYOD for campus network by Leonard RaphaelThe challenges of BYOD for campus network by Leonard Raphael
The challenges of BYOD for campus network by Leonard RaphaelBeamos Technologies
 
Class activity 4
Class activity 4 Class activity 4
Class activity 4 Jeewanthi Fernando
 
Importance of cyber security in education sector
Importance of cyber security in education sectorImportance of cyber security in education sector
Importance of cyber security in education sectorSeqrite
 
Top 5 Cybersecurity Threats in Retail Industry
Top 5 Cybersecurity Threats in Retail IndustryTop 5 Cybersecurity Threats in Retail Industry
Top 5 Cybersecurity Threats in Retail IndustrySeqrite
 
Mobile security management
Mobile security managementMobile security management
Mobile security managementGreystone Technology
 
5 Cybersecurity threats in Public Sector
5 Cybersecurity threats in Public Sector5 Cybersecurity threats in Public Sector
5 Cybersecurity threats in Public SectorSeqrite
 
Cyber security for women using mobile devices
Cyber security for women using mobile devicesCyber security for women using mobile devices
Cyber security for women using mobile devicesJ A Bhavsar
 
Non-profit Tech Needs in Serbia
Non-profit Tech Needs in SerbiaNon-profit Tech Needs in Serbia
Non-profit Tech Needs in SerbiaCatalyst Balkans
 
Risks and Security of Internet and System
Risks and Security of Internet and SystemRisks and Security of Internet and System
Risks and Security of Internet and SystemParam Nanavati
 
Top 2016 Mobile Security Threats and your Employees
Top 2016 Mobile Security Threats and your EmployeesTop 2016 Mobile Security Threats and your Employees
Top 2016 Mobile Security Threats and your EmployeesNeil Kemp
 
Mobile Security: The 5 Questions Modern Organizations Are Asking
Mobile Security: The 5 Questions Modern Organizations Are AskingMobile Security: The 5 Questions Modern Organizations Are Asking
Mobile Security: The 5 Questions Modern Organizations Are AskingLookout
 
Web application firewall solution market
Web application firewall solution marketWeb application firewall solution market
Web application firewall solution marketSameerShaikh225
 
Mobile security
Mobile securityMobile security
Mobile securityTapan Khilar
 
The Internet of things paradox
The Internet of things paradoxThe Internet of things paradox
The Internet of things paradoxGolden Locksmith
 
Ensuring Mobile Device Security
Ensuring Mobile Device SecurityEnsuring Mobile Device Security
Ensuring Mobile Device SecurityQuick Heal Technologies Ltd.
 
Data security for healthcare industry
Data security for healthcare industryData security for healthcare industry
Data security for healthcare industrySeqrite
 
4514ijmnct01
4514ijmnct014514ijmnct01
4514ijmnct01ijmnct
 
[Infographic] Data Loss Prevention
[Infographic] Data Loss Prevention[Infographic] Data Loss Prevention
[Infographic] Data Loss PreventionSeqrite
 
Humming Heads Presentation
Humming Heads PresentationHumming Heads Presentation
Humming Heads PresentationDansha
 
Cyberthreats: causes, consequences, prevention
Cyberthreats: causes, consequences, preventionCyberthreats: causes, consequences, prevention
Cyberthreats: causes, consequences, preventionmoldovaictsummit2016
 
chapter 8- Management Information Systems Managing the Digital Firm
chapter 8- Management Information Systems Managing the Digital Firmchapter 8- Management Information Systems Managing the Digital Firm
chapter 8- Management Information Systems Managing the Digital FirmMohamad Fathi
 
Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)Murray Security Services
 
Cyber Security Terms
Cyber Security TermsCyber Security Terms
Cyber Security TermsSuryaprakash Nehra
 
Mobile security in Cyber Security
Mobile security in Cyber SecurityMobile security in Cyber Security
Mobile security in Cyber SecurityGeo Marian
 
Securing the Enterprise with Application Aware Acceptable Use Policy
Securing the Enterprise with Application Aware Acceptable Use PolicySecuring the Enterprise with Application Aware Acceptable Use Policy
Securing the Enterprise with Application Aware Acceptable Use PolicyAllot Communications
 
IRJET- Cybersecurity: The Agenda for the Decade
IRJET- Cybersecurity: The Agenda for the DecadeIRJET- Cybersecurity: The Agenda for the Decade
IRJET- Cybersecurity: The Agenda for the DecadeIRJET Journal
 
Cyber crime-A burning issue of today's world
Cyber crime-A burning issue of today's worldCyber crime-A burning issue of today's world
Cyber crime-A burning issue of today's worldSOURAV CHANDRA
 
Ms810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devicesMs810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devicesrebelreg
 
Security attacks taxonomy on
Security attacks taxonomy onSecurity attacks taxonomy on
Security attacks taxonomy onijmnct
 
Bring Your Own Device 2014 TeamMate User Conference Palm Desert California
Bring Your Own Device 2014 TeamMate User Conference Palm Desert CaliforniaBring Your Own Device 2014 TeamMate User Conference Palm Desert California
Bring Your Own Device 2014 TeamMate User Conference Palm Desert CaliforniaJim Kaplan CIA CFE
 

More Related Content

What's hot

Risks and Security of Internet and System
Risks and Security of Internet and SystemRisks and Security of Internet and System
Risks and Security of Internet and SystemParam Nanavati
 
Top 2016 Mobile Security Threats and your Employees
Top 2016 Mobile Security Threats and your EmployeesTop 2016 Mobile Security Threats and your Employees
Top 2016 Mobile Security Threats and your EmployeesNeil Kemp
 
Mobile Security: The 5 Questions Modern Organizations Are Asking
Mobile Security: The 5 Questions Modern Organizations Are AskingMobile Security: The 5 Questions Modern Organizations Are Asking
Mobile Security: The 5 Questions Modern Organizations Are AskingLookout
 
Web application firewall solution market
Web application firewall solution marketWeb application firewall solution market
Web application firewall solution marketSameerShaikh225
 
The Internet of things paradox
The Internet of things paradoxThe Internet of things paradox
The Internet of things paradoxGolden Locksmith
 
Data security for healthcare industry
Data security for healthcare industryData security for healthcare industry
Data security for healthcare industrySeqrite
 
4514ijmnct01
4514ijmnct014514ijmnct01
4514ijmnct01ijmnct
 
[Infographic] Data Loss Prevention
[Infographic] Data Loss Prevention[Infographic] Data Loss Prevention
[Infographic] Data Loss PreventionSeqrite
 
Humming Heads Presentation
Humming Heads PresentationHumming Heads Presentation
Humming Heads PresentationDansha
 
Cyberthreats: causes, consequences, prevention
Cyberthreats: causes, consequences, preventionCyberthreats: causes, consequences, prevention
Cyberthreats: causes, consequences, preventionmoldovaictsummit2016
 
chapter 8- Management Information Systems Managing the Digital Firm
chapter 8- Management Information Systems Managing the Digital Firmchapter 8- Management Information Systems Managing the Digital Firm
chapter 8- Management Information Systems Managing the Digital FirmMohamad Fathi
 
Mobile security in Cyber Security
Mobile security in Cyber SecurityMobile security in Cyber Security
Mobile security in Cyber SecurityGeo Marian
 
Securing the Enterprise with Application Aware Acceptable Use Policy
Securing the Enterprise with Application Aware Acceptable Use PolicySecuring the Enterprise with Application Aware Acceptable Use Policy
Securing the Enterprise with Application Aware Acceptable Use PolicyAllot Communications
 
IRJET- Cybersecurity: The Agenda for the Decade
IRJET- Cybersecurity: The Agenda for the DecadeIRJET- Cybersecurity: The Agenda for the Decade
IRJET- Cybersecurity: The Agenda for the DecadeIRJET Journal
 
Cyber crime-A burning issue of today's world
Cyber crime-A burning issue of today's worldCyber crime-A burning issue of today's world
Cyber crime-A burning issue of today's worldSOURAV CHANDRA
 

What's hot (19)

Risks and Security of Internet and System
Risks and Security of Internet and SystemRisks and Security of Internet and System
Risks and Security of Internet and System
 
Top 2016 Mobile Security Threats and your Employees
Top 2016 Mobile Security Threats and your EmployeesTop 2016 Mobile Security Threats and your Employees
Top 2016 Mobile Security Threats and your Employees
 
Mobile Security: The 5 Questions Modern Organizations Are Asking
Mobile Security: The 5 Questions Modern Organizations Are AskingMobile Security: The 5 Questions Modern Organizations Are Asking
Mobile Security: The 5 Questions Modern Organizations Are Asking
 
Web application firewall solution market
Web application firewall solution marketWeb application firewall solution market
Web application firewall solution market
 
Mobile security
Mobile securityMobile security
Mobile security
 
The Internet of things paradox
The Internet of things paradoxThe Internet of things paradox
The Internet of things paradox
 
Ensuring Mobile Device Security
Ensuring Mobile Device SecurityEnsuring Mobile Device Security
Ensuring Mobile Device Security
 
Data security for healthcare industry
Data security for healthcare industryData security for healthcare industry
Data security for healthcare industry
 
4514ijmnct01
4514ijmnct014514ijmnct01
4514ijmnct01
 
[Infographic] Data Loss Prevention
[Infographic] Data Loss Prevention[Infographic] Data Loss Prevention
[Infographic] Data Loss Prevention
 
Humming Heads Presentation
Humming Heads PresentationHumming Heads Presentation
Humming Heads Presentation
 
Cyberthreats: causes, consequences, prevention
Cyberthreats: causes, consequences, preventionCyberthreats: causes, consequences, prevention
Cyberthreats: causes, consequences, prevention
 
chapter 8- Management Information Systems Managing the Digital Firm
chapter 8- Management Information Systems Managing the Digital Firmchapter 8- Management Information Systems Managing the Digital Firm
chapter 8- Management Information Systems Managing the Digital Firm
 
Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)
 
Cyber Security Terms
Cyber Security TermsCyber Security Terms
Cyber Security Terms
 
Mobile security in Cyber Security
Mobile security in Cyber SecurityMobile security in Cyber Security
Mobile security in Cyber Security
 
Securing the Enterprise with Application Aware Acceptable Use Policy
Securing the Enterprise with Application Aware Acceptable Use PolicySecuring the Enterprise with Application Aware Acceptable Use Policy
Securing the Enterprise with Application Aware Acceptable Use Policy
 
IRJET- Cybersecurity: The Agenda for the Decade
IRJET- Cybersecurity: The Agenda for the DecadeIRJET- Cybersecurity: The Agenda for the Decade
IRJET- Cybersecurity: The Agenda for the Decade
 
Cyber crime-A burning issue of today's world
Cyber crime-A burning issue of today's worldCyber crime-A burning issue of today's world
Cyber crime-A burning issue of today's world
 

Similar to BYOD - Secure the data, not the device

Ms810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devicesMs810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devicesrebelreg
 
Security attacks taxonomy on
Security attacks taxonomy onSecurity attacks taxonomy on
Security attacks taxonomy onijmnct
 
Bring Your Own Device 2014 TeamMate User Conference Palm Desert California
Bring Your Own Device 2014 TeamMate User Conference Palm Desert CaliforniaBring Your Own Device 2014 TeamMate User Conference Palm Desert California
Bring Your Own Device 2014 TeamMate User Conference Palm Desert CaliforniaJim Kaplan CIA CFE
 
Article on Mobile Security
Article on Mobile SecurityArticle on Mobile Security
Article on Mobile SecurityTharaka Mahadewa
 
WEEK5 Mobile Device Security 31032022.pdf
WEEK5 Mobile Device Security 31032022.pdfWEEK5 Mobile Device Security 31032022.pdf
WEEK5 Mobile Device Security 31032022.pdfSetiya Nugroho
 
Malware Improvements in Android OS
Malware Improvements in Android OSMalware Improvements in Android OS
Malware Improvements in Android OSPranav Saini
 
IRJET- Android Device Attacks and Threats
IRJET- Android Device Attacks and ThreatsIRJET- Android Device Attacks and Threats
IRJET- Android Device Attacks and ThreatsIRJET Journal
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaAnjoum .
 
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfCASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfkostikjaylonshaewe47
 
Transforming Risky Mobile Apps into Self Defending Apps
Transforming Risky Mobile Apps into Self Defending AppsTransforming Risky Mobile Apps into Self Defending Apps
Transforming Risky Mobile Apps into Self Defending AppsBlueboxer2014
 
Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)k33a
 
BYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestBYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestJay McLaughlin
 
Mobile Security Threats In Organisations: 4 Challenges To Navigate And Solve
Mobile Security Threats In Organisations: 4 Challenges To Navigate And SolveMobile Security Threats In Organisations: 4 Challenges To Navigate And Solve
Mobile Security Threats In Organisations: 4 Challenges To Navigate And SolveZeroblack
 
SecurityWhitepaper 7-1-2015
SecurityWhitepaper 7-1-2015SecurityWhitepaper 7-1-2015
SecurityWhitepaper 7-1-2015Francisco Anes
 
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)Rui Miguel Feio
 
Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2SHOLOVE INTERNATIONAL LLC
 
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONS
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONSIMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONS
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONSPreetiDevidas
 
Assign 1_8812814ctm.pptx
Assign 1_8812814ctm.pptxAssign 1_8812814ctm.pptx
Assign 1_8812814ctm.pptxpdevang
 

Similar to BYOD - Secure the data, not the device (20)

Ms810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devicesMs810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devices
 
Security attacks taxonomy on
Security attacks taxonomy onSecurity attacks taxonomy on
Security attacks taxonomy on
 
Bring Your Own Device 2014 TeamMate User Conference Palm Desert California
Bring Your Own Device 2014 TeamMate User Conference Palm Desert CaliforniaBring Your Own Device 2014 TeamMate User Conference Palm Desert California
Bring Your Own Device 2014 TeamMate User Conference Palm Desert California
 
Article on Mobile Security
Article on Mobile SecurityArticle on Mobile Security
Article on Mobile Security
 
WEEK5 Mobile Device Security 31032022.pdf
WEEK5 Mobile Device Security 31032022.pdfWEEK5 Mobile Device Security 31032022.pdf
WEEK5 Mobile Device Security 31032022.pdf
 
Malware Improvements in Android OS
Malware Improvements in Android OSMalware Improvements in Android OS
Malware Improvements in Android OS
 
IRJET- Android Device Attacks and Threats
IRJET- Android Device Attacks and ThreatsIRJET- Android Device Attacks and Threats
IRJET- Android Device Attacks and Threats
 
Mobile security article
Mobile security articleMobile security article
Mobile security article
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wandera
 
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfCASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Transforming Risky Mobile Apps into Self Defending Apps
Transforming Risky Mobile Apps into Self Defending AppsTransforming Risky Mobile Apps into Self Defending Apps
Transforming Risky Mobile Apps into Self Defending Apps
 
Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)
 
BYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestBYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, West
 
Mobile Security Threats In Organisations: 4 Challenges To Navigate And Solve
Mobile Security Threats In Organisations: 4 Challenges To Navigate And SolveMobile Security Threats In Organisations: 4 Challenges To Navigate And Solve
Mobile Security Threats In Organisations: 4 Challenges To Navigate And Solve
 
SecurityWhitepaper 7-1-2015
SecurityWhitepaper 7-1-2015SecurityWhitepaper 7-1-2015
SecurityWhitepaper 7-1-2015
 
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
 
Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2
 
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONS
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONSIMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONS
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONS
 
Assign 1_8812814ctm.pptx
Assign 1_8812814ctm.pptxAssign 1_8812814ctm.pptx
Assign 1_8812814ctm.pptx
 

Recently uploaded

Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 

Recently uploaded (20)

Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 

BYOD - Secure the data, not the device

  • 1. Secure the data, not the device
  • 2. Risky business - balancing BYOD risk with mobility Increased productivity Lower cost to the company Flexibility Technology Familiarity Support of many different devices No control over what is on device Increase attack surface Device Disparities
  • 3. BYOD improves productivity. • BYOD support average nearly three hours of productivity gains per week. BYOD promotes business agility. • BYOD helps employees collaborate more quickly, efficiently and creatively. BYOD responds to employee demand. • Supporting users’ own devices can be a recruitment selling point. Risky business - balancing BYOD risk with mobility
  • 4. Risky business - balancing BYOD risk with mobility Security enforcement. • BYOD creates more weak links that can be exploited both internally and externally. • Requires significant user education and buy-in. Management and governance. • Without governance arrangements, BYOD can quickly run out of control. • IT to actively collaborate across the organization to identify workable solutions. Direct and indirect costs. • BYOD often reduces device acquisition costs. Can increase direct costs associated with network infrastructure and complexity
  • 5. Secure foundations – 7 points to building a BYOD security plan 1. Identify the risk elements that BYOD introduces • Measure how the risk can impact your business • Map the risk elements to regulations 2. Form a working group to embrace BYOD and understand the risks, including: • Business stakeholders, IT stakeholders, Information security stakeholders 3. Decide how to enforce policies for devices connecting to your network • Mobile devices (smartphones) Tablets (e.g., iPad) Portable computers (laptops, netbooks, ultrabooks) 4. Build a project plan to include these capabilities: • Remote device management, Application control, • Data and device encryption, Wiping devices when retired • Revoking access to devices when end-user relationship changes from employee to guest
  • 6. Secure foundations – 7 points to building a BYOD security plan 5. Evaluate solutions • Consider the impact on your existing network • Consider how to enhance existing technologies prior to next step 6. Implement solutions • Begin with a pilot group from each of the stakeholders' departments • Expand pilot to departments based on your organizational criteria • Open BYOD program to all employees 7. Periodically reassess solutions • Include vendors and trusted advisors • Look at roadmaps entering your next assessment period • Consider cost-saving group plans if practical
  • 7. In 2013 Cybercriminals made use of some exceptionally sophisticated methods to infect mobile devices. Infecting legal web resources helps spread mobile malware via popular websites - water holes. Distribution via alternative app stores. There are numerous app stores containing programs that cannot be found in Google Play. Distribution via botnets. Bots self-proliferate by sending out text messages with a malicious link to addresses in the victim’s address book. Criminals are increasingly using obfuscation, the deliberate act of creating complex code to make it difficult to analyse. Cybercriminals also exploiting the Android Master Key vulnerability and have learned to embed unsigned executable files in Android installation packages. Cyber crime
  • 9. Trend of the year: mobile banking Trojans 2013 was marked by a rapid rise in the number of Android banking Trojans Threats from mobile devices
  • 10. Collects information about the smartphone (IMEI, country, service provider, operating system language) Acquires logins and passwords to online banking accounts, and bank card information Extorts money from users by threatening to block the smartphone Monitors SMS messages and information about voice calls. Threats from mobile devices
  • 11. Today, the majority of banking Trojan attacks affect users in Russia and the CIS. The cybercriminals’ interest in user bank accounts, the activity of mobile banking Trojans is expected to grow in other countries in 2014. Infections caused by mobile banking programs
  • 12. Countries where users face the greatest risk of mobile malware infection
  • 13. Mobile spyware, such as MobileSpy and FlexiSpy, is on the rise. In the BYOD context these spyware applications pose a huge threat because they can be installed surreptitiously on an employee’s phone and used for industrial or corporate espionage. The mobile phone is also a fully functional network device. When connected to the company Wi-Fi, has the ability to probe the network for vulnerabilities and assets. Mobile Spyware, BYOD and Corporate Espionage
  • 14. Mobile Spyware, BYOD and Corporate Espionage
  • 15. Mobile Spyware, BYOD and Corporate Espionage