NCSC: Revoke Admin Access for BYOD Users Immediately
Government security experts have urged organizations to review and re-plan any BYOD strategies implemented as a quick fix during the pandemic, warning of mounting cyber-risk.
The National Cyber Security Centre (NCSC), an offshoot of GCHQ, has released updated guidance to help organizations design, deploy and manage what it claimed could be a “potentially difficult IT set-up.”
Senior platforms researcher, “Luna R,” warned in a new blog post that the time for a “just make it work” mentality is over, and BYOD must now be carefully considered and rigorously implemented to be effective and secure.
“You cannot do all your organization’s functions securely with just BYOD, no matter how well your solution may be configured,” she argued. “If you’ve given BYOD users admin access to company resources, revoke that access immediately, then come back.”
The rapid shift to remote working during the first months of the pandemic made employee use of personal devices virtually essential in many organizations, especially those with smaller IT budgets.
However, stories soon emerged of threat actors targeting vulnerabilities and misconfigurations in these devices and home networks to get to corporate networks and resources.
A Bitglass study from July 2020 revealed that 69% of organizations allow employees to use personal devices for work. However, it also noted that over half (51%) lack visibility into file-sharing apps, 30% have no control over mobile enterprise messaging tools and only 9% have cloud-based anti-malware solutions in place.
Remarkably, by November 2020, over half (51%) of organizations still didn’t have a BYOD policy in place.
An HP study from May 2021 revealed that over half (51%) of global IT decision-makers had seen evidence of compromised personal PCs being used to access company and customer data over the past year.