I think the recent news about the cyber attacks in hotels is as good of an example as there is on the importance of strong security with BYOD. Whether or not we are authorized to use our devices for work and whether or not we are traveling on vacation, we have become a society that is addicted to our gadgets.
Last week, the FBI warned that hackers were targeting guests in hotels outside of the U.S., using malicious pop-up windows when travelers tried to establish an Internet connection in the hotel room. The danger may have been happening for months - according to Wired, Bloomberg reported on widespread hacking that included at least one hotel network. The FBI advised anyone traveling abroad to make sure their computer security was up-to-date before leaving home.
That's good advice, of course. It's obvious advice. But, if you know an employee is traveling abroad and may connect to the corporate network, can you verify it is heeded advice? Can you be sure that an employee traveling for work or pleasure is going to check their email on a device that is totally updated and as secure as can be? Probably not.
Stephen Cobb at ESET provided a great list of tips on what everyone should do before leaving home (like tips 1 and 2 to ensure operating systems and AV software are updated and back up everything before the laptop is put into the car) and how to keep data safe while on the road (such as tip number 6, which says if the hotel Internet wants you to update software in order to connect, log off immediately).
But let's be honest here: If someone is reading's Cobb's blog post or the blog posts of other security experts, or perhaps even this post, that person is likely someone who is heavily invested in IT security. These tips are being preached to the choir, so to speak, when it is the general congregation who most need to hear the lesson.
If you want to protect your network, you have to make sure that employees know the risks out there. Tips like Cobb's need to be actively shared, especially if your employees are using devices that aren't controlled by corporate IT. Don't expect employees to search out news about security - they won't. In the era of BYOD, the more steps IT and security professionals take to bring employees into the loop, the better the chances at keeping data secure. Even when it is being accessed through a hotel Internet connection on the other side of the world.