Vulnerability Assessments for Mobile Devices in The Byod Environment

Introduction

Mobile devices have become embedded in our personal lives. Today employees are being allowed to use their personal devices in the work environment alongside the corporate-provided devices. Organizations have incorporated these devices into their systems. Organizations can't physically stop the utilization of mobile devices for both work and individual motivation, yet they have to know how to control it. Mobile devices may result in security vulnerabilities in a BYOD environment. Security vulnerabilities result to phishing and unauthorized access to both the user and organizational data (Disterer & Kleiner, 2013).

Discussion

There exist security issues in a BYOD environment which comprises of the following

Lack of security controls

Mobile devices are built with physical security capabilities such as PIN, pattern locks and biometric readers for user authentication. However, most consumers do not make use of these services hence leaving their data exposed to third parties who may want to snoop on their data. Other users use the PIN but use easily predictable ones that are easy to bypass. Mobile devices once lost can result to further vulnerability issues since they may land in the hands of people who can access the data including credit card numbers and other private data in the devices.

Use of untrusted networks and mobile devices

Some mobile devices do not encrypt information such as emails during transmission. Counterfeit mobile devices do not meet the set standards and hence they can be used for identity theft and have poor security. Wireless transmissions that are not encrypted result to data interceptions during transmission over the wireless network. When using untrusted networks, eavesdroppers gain easy access to sensitive data and information.

Use of untrusted applications and content

Untrusted applications may steal user information and will also not encrypt the data they receive and transmit over the network. Applications that do not use https result to the interception of the data during transmission. Some websites contain malware that automatically download into the users’ devices without their knowledge. Accessing untrusted content may also result in surveillance. Without a security software, malware is downloaded into the devices and can be used for phishing of information. The malware also affects the functionality of mobile devices since they use resources that would have otherwise been used by other applications in the device (Cooney, 2015).

These vulnerability issues caused in the BOYD environment have to be addressed to ensure cyber security. There are various ways policy controls that have to be put in place so that cyber security can be a success. These controls include:

Enabling user verification in mobile devices.

Enhancement of user verification is through the use of passwords, patterns and PIN codes. There should be user sensitization on the benefits of using a strong password to secure the data in your mobile devices. The devices should be able to activate idle-time screen locking so that devices automatically lock themselves once they are not in use. Password fields should also hide characters as they are entered to prevent it from being observed. Users can also remotely lock their lost devices and even erase their data whenever they lose their devices. Devices can also be unlocked by the user in case the user locates it.

Application and content verification before use and access.

Verify all applications downloaded to ascertain that they are genuine. Verification can be done by assessment of the digital signatures to ensure that they are genuine. When performing sensitive transactions, users should enable two-factor authentication. These provide higher security than when using old-fashioned passwords.

Installation of antimalware software.

Mobile devices should also have antimalware software installed. Antimalware software protects the device from untrusted applications, viruses, and spyware. Installing firewalls is also necessary since firewalls protect against unauthorized connections by interceptions of both incoming and outgoing connections. They use a type of rule to control what comes in and what leaves the devices (Cooney, 2015).

Download and Installation of OS updates

Ensure that the operating system is up to date. Operating system updates come with security updates to the current security vulnerabilities. Users should ensure that once the manufacturer releases OS updates, they should ensure that they have been installed.

Most of the recommended policy controls to address the vulnerabilities require human intervention to be successful. Hence, if the users do not take note of the need to put security measures on their mobile devices, it will not be enough to secure their data. Tech firms should start campaigns to teach users about the need to address security vulnerabilities in the mobile devices. It is only through the users that the security can be improved. Users should also refrain from using unsecure Wi-Fi networks.

Humans affect the cyber security policy directly since they are the creators, users and manipulators of the information systems and the mobile devices. By designing controls, humans can ensure that the systems and the mobile devices are secure and less vulnerable to attacks. (Kakareka, 2013).

According to IBM’s 2014 cyber security index, 95% of all security cases are as a result of human error. Human error is a key cause of security vulnerabilities in the mobile devices also. Mobile devices use the same information systems as the other devices (Howarth, 2014).

The things that mainly undermine cybersecurity are the wrong behaviors of users. Whatever the measures the users refuse to take to ensure cyber security, results to vulnerabilities in the systems opening it to cyber threats. Actively involving the users in securing of information in an organization is essential since they play a pivotal role in enhancing cybersecurity (Paganini, 2012).

Conclusion

In conclusion, it is clear that cyber security greatly depends on the human contributions. BYOD is here to stay hence to ensure security in this environment; the organization should place security solutions. Personnel has a crucial part to play in ensuring security. Every step has to be carefully planned to start with the creation of a BOYD policy and its execution. With a comprehensive and security-focused BYOD policy in place, businesses can alleviate the risks of BYOD while taking full advantage of its benefits.