Information Security Forum: Businesses Should Ignore BYOD Risk at Their Own Peril

Sept. 17, 2013 - PRLog -- According to the Information Security Forum (http://www.securityforum.org) (ISF), a global, independent information security body considered the world's leading authority on cyber security and information risk management,concerns about security breaches, IP theft and data loss demonstrate that a strategy for addressing mobile devices in the workplace is essential in today’s fully-connected society. When businesses push Bring Your Own Device (BYOD) programs into place too quickly, risk management is often neglected or rushed, leaving organizations with both unknown and unnecessary risks. For organizations to be successful in the era of mobile devices in the workplace, risk management must be the foundation of any BYOD program.

“The use of personal devices to store and process sensitive information continues to rapidly affect the way we do business. At the same time, it means organizations are easily exposed to new and more complex threats from stolen, lost or destroyed data, malware and other attacks if the device is not securely used and protected,” said Michael de Crespigny, CEO, ISF. “An employee’s tablet or smartphone may be used in ways which would not be acceptable if it was owned by the organization. By putting the right business practices and usage policies in place now, organizations will benefit greatly from the flexibility, increased productivity and reduced costs that mobile devices can bring to today’s workplace, while minimizing exposure to potential security risks.”

A recent, global survey (http://www.pwc.com/us/en/industry/entertainment-media/ass...) by PwC reported that 88 percent of consumers use a personal mobile device for both personal and work purposes. Gartner has gone further, predicting (http://www.gartner.com/newsroom/id/2466615) that 50 percent of employers will stop providing devices by 2017, requiring employees to bring their own. Even without employees connecting their own devices to the organization’s systems, mobile device risk is substantial. If a BYOD program doesn’t already exist in your organization, you need to start thinking now about the risks - along with if and how they can be managed.

The ISF’s latest report, Managing BYOD Risk: Staying Ahead of Your Mobile Workforce (https://www.isflive.org/docs/DOC-6995), provides ISF Members with an information-centric approach to implementing a BYOD program. The report sets out an approach organizations can adopt towards a BYOD program and highlights key considerations by:

·         Explaining how a risk-based approach can be applied to a BYOD program

·         Identifying the key risks associated with BYOD programs

·         Providing guidance for implementing  a BYOD program

·         Presenting BYOD leading practices in the form of a process which describes the key actions, controls, and operational recommendations to prepare for and deploy BYOD

·         Explaining how the BYOD Implementation Tool can be used to support each BYOD deployment

“A well-organized attack, whether it comes from nation states, criminals or hacktivists, can exploit BYOD devices by using them as a stepping-stone of attack against an organization,” continued De Crespigny. “BYOD initiatives present considerable challenges and today’s executive must embrace these technologies or risk being sidelined by those more agile. Our latest report provides ISF Members with guidance on the implementation of a successful BYOD program and how organizations can quickly, and easily, identify the risks and threats associated with BYOD programs.”

Available at no cost to ISF member companies, Managing BYOD Risk: Staying Ahead of Your Mobile Workforce can also be purchased by non-members. For more information, please contact Steve Durbin at steve.durbin@securityforum.org.

About the Information Security Forum

Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit association of leading organizations from around the world. It is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and developing best practice methodologies, processes and solutions that meet the business needs of its Members.

ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organizations and developed through an extensive research and work program. The ISF provides a confidential forum and framework, which ensures that Members adopt leading-edge information security strategies and solutions. And by working together, Members avoid the major expenditure required to reach the same goals on their own.

Further information about ISF research and membership is available from www.securityforum.org