Not Enough Organizations Using BYOD Anti-Malware Software Protection

Despite all the attention COVID-19 has brought to the need to improve bring-your-own-device (BYOD) mobile security, 30% of organizations say they still don’t use anti-malware software protection.

Of those that do, 42% only protect the endpoint. And a mere 9% rely on cloud-based anti-malware detection, which provides more visibility and control over threats than endpoint counterparts.

In the past year, one in four organizations have fallen victim to malware that employees download to their personal devices. Then there are the 42% not sure if they have — a shocking finding considering the prevalence of WannaCry and other malicious hacks.

All this is according to the 2020 BYOD Report from Bitglass. However, to be clear, the company does not specify how many IT professionals the company surveyed to reach its statistical conclusions.

Nonetheless, organizations notoriously have been lax about enforcing security measures on personal devices — even during the pandemic. That’s a mistake managed security service providers (MSSPs) should seek to rectify.

Anurag Kahol is Bitglass’ CTO.

Bitglass’ Anurag Kahol

“The top two reasons enterprises hesitate to enable BYOD relate to company security and employee privacy,” said Kahol. “However, the reality is that today’s work environment requires the flexibility and remote access that the use of personal devices enables.”

The COVID-19 Connection

Indeed, as a large percentage of people still work from home because of COVID-19, organizations face a greater imperative than ever to secure confidential data. Outside the confines of the corporate office, BYOD devices too easily risk exposure of sensitive information to family, friends or even curious strangers. Yet malware ranks among the biggest intrusions, especially as hackers seek to exploit pandemic fears.

MSSPs that do not yet oversee BYOD practices for customers might want to use these findings in sales and marketing discussions. The point about implementing anti-malware software protection is especially prescient. Due to the economic wallop of COVID-19, few organizations have the spare money to deal with ransomware demands, or recovery and cleanup efforts.

In terms of resolving the BYOD security conundrum, Bitglass offers the following advice:

• Enable data loss prevention for data at rest and in transit.
• Use selective-wipe technology to remove the organization’s information from a lost or stolen personal device. This does not require agents and will not touch personal data.
• Employ contextual access control, or identity access management (IAM), to govern access by parameters including user group, location and device type.
• Take advantage of advanced threat protection tools. These are programmed with machine learning to identify and block threats at upload, download and at rest.

It’s worth adding that zero-trust security already should serve as the norm. In this model, no one may enter the network without going through several layers of verification, regardless of whether the organization or employee owns the mobile device.

Bitglass is not the only firm to spot the increase in BYOD security problems because of COVID-19-fueled remote work. Soaring demand is generating sizable market potential. Global Market Insights last month said the BYOD security market will reach almost $1 billion by 2026. That will stand out as a 16.2% compound annual growth rate between 2021 and 2026. Moreover, anti-malware software protection will be a big part of that.

What MSSPs Can Do

MSSPs can capitalize on organizations’ need for greater BYOD security. Do this by acting as the customers’ complete security source, certainly, but also by educating end users on a consistent basis. Simple techniques such as sending fake phishing attempts over enterprise messaging platforms can go a long way toward helping people to identify potential threats.

Other top BYOD concerns noted in the Bitglass report include:

• Data leakage/user downloads of unsafe apps or content: 63%
• Users downloading unsafe apps or content: 57%
• Lost or stolen devices: 55%
• Unauthorized access to company data and systems: 53%
• Malware: 52%
• Inability to control endpoint security: 47%
• Device management logistics: 47%
• Keeping security software updated: 40%
• Regulatory compliance: 34%