BYOD vs. COPE: Protecting Data on Your Employee’s Mobile Devices

Founder & CEO at Dynamix Solutions

5/5 - (3 votes)

Over the past year, businesses have shown a great deal of interest in BYOD (Bring Your Own Device) to work.  This has its benefits and its drawbacks.

Implementing a BYOD policy improves employee-satisfaction and productivity. Using their own mobile device at work allows employees to take information from work home with them and allows them a level of comfort by using a device they’re familiar with.

As you can expect, there are security concerns. A survey by LinkedIn’s Information Security group revealed that there are many concerns regarding BYOD practices, and that the risk of leaking sensitive corporate data with a BYOD program is often too big for most businesses.  So most corporations and organizations have dismissed this idea.

There’s also been a lot of discussion about COPE (Corporately-Owned, Personally-Enabled) devices. Many believe that COPE will preserve the benefits of BYOD, allowing users to personalize their device without the security risk. COPE allows corporate policy makers and IT leaders a lot more control over which devices are supported, and what controls are implemented on devices even though they’re personalized.

With COPE, employees can send personal emails, download photos, and access social media websites. Application controls integrated on the device prevent corporate information from being accessed outside a defined set of boundaries.

COPE also increases the control that an IT department has over mobile devices, such as the ability to erase the device if it’s lost it or stolen. Yet more control over a device still isn’t enough for many businesses.

Smartphones Are Mini-Computers

Many employees believe their mobile phones aren’t at risk like their computers are.  But in reality, mobile devices are essentially pocket-sized computers. While COPE will help to decrease the security concerns on a device at the software level, the most effective way to protect sensitive data is through network-level protection.

According to NQ Mobile, mobile devices have become increasingly vulnerable to ill-intentioned individuals, as they’ve created many new cyber threats that can cause significant damage to a device. Many mobile security breaches have occurred due to malware attacks—exactly the same way a computer gets infected.  In many cases, mobile users don’t realize that they’ve downloaded harmful malware, and by the time they do, their sensitive data and databases have already been accessed.

Businesses can’t control these security breaches if the employee accepts a message with malware.  No software add-on can prevent this.  Employees often have trouble identifying a phishing message, which leads them to disclose usernames and passwords that can easily be used to gain unauthorized access to corporate systems.

Stop The Threat At The Source—Your Network

The best way to protect mobile devices used for business purposes is to stop the threat at the initial source—which is the network. The various anti-virus applications that are available in the iPhone App Store and in the Android Marketplace won’t detect a fraction of the threats, and can be disabled by malware that has gained administrative access to the device. These applications also drain battery life, and can slow down the device.  Network-based protection is the best bet for employers to detect, and prevent the threats that COPE can easily miss.

Many times, a device will get infected with malware when it’s off the corporate network.  When it’s reconnected it’s crucial to identify and diminish any suspicious outbound traffic, before an attacker can acquire any important data.

Mobile threats are more sophisticated than ever, and can attack with extraordinary speed. According to FireEye, the average business is struck with a malware attack every three minutes! These attacks can be extremely costly to a company—approximately $3,000 a day to recover.

By protecting the network, IT managers can secure tablets and laptops because at-risk data isn’t limited to mobile smartphones, and neither are threats. The BYOD and COPE movement has become a primary focus, and we need to protect employees who are working remotely using their mobile devices.

Develop a Security Plan For Mobile Devices

While employees are accessing business networks and databases from Wi-Fi networks outside the business place, companies need to keep in mind that they’re using unsecure public network access points. Companies should develop a security plan that will protect mobile users who are accessing 3G or 4G networks outside of the workplace. Devices that use the most data, or have the ability to communicate from machine to machine should be considered high-risk.

Businesses are continually investing in enterprise mobility, but before handing out new devices to your staff, or joining the BYOD or COPE movement; consider all of the security risks. Establish a clear security plan, using network-based strategies. Account for all of the devices that are connected, and ensure that your business is prepared for a whole new generation of security risks. COPE won’t address all of the security risks for mobile devices; however, it’s one step closer to a business world where we can easily implement network-level security needs.

Do you have questions or concerns about the safety of your mobile devices? Need help developing a Security Plan for Mobile Devices? Call us to arrange a no-obligation consultation, and learn how we can help