Could BYOD Policies Weaken a Government Agency’s Cyber Security Posture?

With the rapid rise of integrated technology, there’s no evading the widespread use of cell phones, tablets, laptops, and wearable devices. More than ever, it is rare to know somebody who does not own a device of their own. In fact, the Washington Post found that there are about 1.6 billion unique IP addresses in the U.S., meaning there are five internet-connected devices for every one person.

That’s why businesses and government agencies have adopted BYOD, or Bring Your Own Device policies, as they’ve found less of a need to provide computers and cell phones for employees who already have their own.

 

What Is A BYOD Policy?

Providing tablets and mobile devices for employees is an expensive undertaking. Companies and government agencies are quickly realizing that they can get away with utilizing the technology that their staff members already have in their pockets simply by installing company software and applications. These BYOD practices can be a simple and cost-effective way of capitalizing on the ubiquitous nature of modern technology.

By forgoing the purchase of brand new devices for all of their employees, agencies can potentially save money that they otherwise would have spent on purchasing, supporting, and training on new equipment. Employees also realize the benefit of not having to transport multiple devices to and from their jobs.

 

The Downfalls of BYOD—Is It Worth The Risk?

Implementing BYOD policies also comes with a not-so-obvious cost: when employers and government agencies allow foreign devices into their networks, they are ushering in the opportunity for potential cyber security breaches from outside parties. Personal computers are taken in and out of the office, which means sensitive data is leaving the office as well.

This also allows internal employees and government officials to share confidential information at will. Case in point: in 2016, Hillary Clinton’s email system was inspected by the State Department and found to be in violation of government policy, as she had her email set up on a private computer and server, rather than a government-issued system. This means that her 55,000+ highly classified emails had the potential of being misused or shared inappropriately.

Many other politicians and government officials have also used private servers to send confidential emails. In fact, according to a survey published in the U.S. State and Federal Government Cybersecurity Report, government agencies ranked as the third-lowest performing industry in overall security. The opportunity for cyber attacks and misuse of information is evident in these instances, and, with the rise of cyber threats in recent years, should not be taken lightly. Protocols for corporate firewalls are not as strong when implemented on personal devices. For this reason, companies are adopting preventative measures.

  Source: https://cdn2.hubspot.net/hubfs/533449/Images/SecurityScorecard%202017%20Govt%20Cybersecurity%20Report.pdf


 

Data Is Everywhere

Smart technology is integrated into just about every aspect of modern society. Data is transferable through any device with a network, including:

  • Cell phones

  • Tablets

  • Laptops

  • Watches

  • Smart TVs

  • Home lighting and sound systems

  • Modern automobiles

  • Heart implants

  • GPS tracking devices for animals

  • Smart Refrigerators

 

This network of transferable data is called the Internet of Things, or IoT, referring to any device with a unique IP address. While modern technology has certainly paved the way for innovation and improvement, the connectivity between devices enables hackers to compromise any available data on a server. This means that, once a government employee’s personal tablet is compromised, the next time they connect to their agency’s in-house server, the hacker can access other company data on that server, and the dominoes begin to fall.

  Source:   https://www.ncsc.gov.uk/guidance/byod-executive-summary


 

How Can A Government Agency Prevent Cyber Security Attacks?

Cyber attacks happen every day, and major security breaches seem to be increasing in frequency. In March 2018, a ransomware attack took down the city of Atlanta’s networks, which eventually resulted in the city spending $2.6 million in recovery costs. In that same month, the US Departments of Justice and Treasury reported stolen intellectual property from more than 300 universities, government agencies, and financial service companies.

With increasingly determined hackers and ever-changing technology, there may be no one way to totally protect your agency from cyber security threats. However, there are ways to prepare for these events, as well as simple precautions to take to lower the chances of a cyber attack.

 

Better IT Posture Through Prevention

Consistently update technology

As technology improves, cyber attackers are more motivated than ever to beat the system. Better technology usually equates to more secure connections, but that also means that outdated devices become increasingly susceptible to highly skilled digital deviants.

Make your policy clear

Employees should know exactly what they are and are not allowed to do with their devices and government information. Usually policies on sharing data come with different clearances, but there are always grey areas when it comes to personal usage. Ensure that your company policy is obvious.

Provide training to federal employees

Tons of employees are unaware of basic cyber security prevention. It is crucial to educate your employees on what types of actions cause security breaches and how to recognize potential threats. As new technology and software are introduced, it is also important to provide employees with the resources they need to successfully and securely integrate these platforms into their daily work life.

Consider an alternative solution

With the rise of threats that come from utilizing BYOD programs, some organizations are turning to CYOD, or Choose Your Own Device policies. CYOD allows employers to select several devices that have been optimized for corporate security and then offer that list to employees who can select the device that they would be comfortable using.

Have a backup plan

If an employee loses their device, what happens to government data? Implementing a Mobile Device Management system on your employees’ computers and cell phones will allow your company’s infrastructure to wipe the device clean of all information in the event of a loss or theft.

 

Zero Trust/Zero Tolerance

Government agencies can also choose to forgo BYOD policies altogether, or act as if every individual, inside or outside the company, is an equal threat to the organization’s infrastructure. This Zero Trust Security Model assesses and recognizes all devices on the network, verifies user access with multi-step authentication, tiers access and security privileges, and utilizes a strong data policy to protect the organization’s systems from attacks and human error. This model offers optimal protection from breaches and treats all points of contact equally.
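The checks described above can be combined into a single deny-by-default access decision. The sketch below is an added example, not code from any agency or vendor; the tier names, device IDs, 30-day patch limit, and the rule capping unmanaged devices at the "internal" tier are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Data tiers, lowest to highest sensitivity (hypothetical labels).
TIERS = {"public": 0, "internal": 1, "restricted": 2}
MAX_PATCH_AGE_DAYS = 30  # assumed limit for "consistently updated"

@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool         # enrolled in MDM, so it can be wiped if lost
    patch_age_days: int   # days since the last security update

@dataclass(frozen=True)
class Request:
    user: str
    device_id: str
    mfa_passed: bool
    user_clearance: str       # highest tier the user may access
    resource_tier: str
    on_office_network: bool   # recorded, but never used to grant trust

# Constructed inventory: one agency-managed laptop, one personal tablet.
INVENTORY = {
    "LT-0001": Device("LT-0001", managed=True, patch_age_days=5),
    "TAB-BYOD-7": Device("TAB-BYOD-7", managed=False, patch_age_days=12),
}

def decide(req, inventory=INVENTORY):
    """Return (allowed, reason). Every check must pass; default is deny."""
    device = inventory.get(req.device_id)
    if device is None:
        return False, "unknown device"
    if not req.mfa_passed:
        return False, "MFA not completed"
    if device.patch_age_days > MAX_PATCH_AGE_DAYS:
        return False, "device patches out of date"
    if req.resource_tier not in TIERS or req.user_clearance not in TIERS:
        return False, "unknown tier"
    needed = TIERS[req.resource_tier]
    if needed > TIERS[req.user_clearance]:
        return False, "user not cleared for tier"
    # Assumption: a device that cannot be wiped is capped at "internal".
    cap = TIERS["restricted"] if device.managed else TIERS["internal"]
    if needed > cap:
        return False, "device not trusted for tier"
    return True, "allowed"
```

Being on the office network never appears in a condition: an unrecognized device is refused there just as it would be anywhere else.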

 

Protecting Your Organization

The worst mistake you can make is doing nothing at all. Technology is constantly advancing, and hackers are stealing private information every single day. When you’re ready to bolster your agency’s IT posture and protect it from a digital downfall, Federal Resources Corporation can outfit your organization for success. Contact us for your hardware, software, cloud procurement, and training needs to help keep your information safe.