It is virtually impossible to discuss network security these days without bringing up BYOD. According to a poll released by ESET a few months ago, over 80 percent of us use some sort of personal device, ranging from a personally owned desktop computer to a personally owned tablet, to connect to the company’s network. I’ve written quite a bit on the topic, pointing out the importance of coming up with a security policy that focuses specifically on BYOD and educating employees on how to use their devices safely and smartly.
But I saw an article this morning that put a new wrinkle on BYOD. For some companies, it isn’t only employees who are accessing your network. What about the companies providing Wi-Fi for guests or customers? Or visitors to your business who log in to your network with their own BYOD (or their company’s devices)?
The article I saw was in PC World, a conversation with the CIO for the San Francisco Giants and the fact that fans want an interactive experience when they come to the ballpark. This isn’t a situation unique to the Giants. It is a story that straddles the sports pages and the business section — discussions with the owners and top officials with teams on how to “enhance the fan experience.” (Silly me, I always thought if I am going to spend $100 for a ticket, I was going to pay attention to the game.) There are apps that are specifically geared to use in the ballpark. I discovered that last year on our way home from a game in Pittsburgh’s PNC Park. The Major League Baseball AtBat app provides all kinds of in-stadium features that can only be accessed when you are actually in the stadium.
The PC World piece pointed out the phenomenon of being wired in at the ballpark:
The use of mobile devices by fans is tied more to things like in-game status updates on social networks, which is a lot different from just five years ago when text messages were the major form of such communication. The company has to update bandwidth and storage on a regular basis as it tries to provide the best technology resources to baseball fans.
And, of course, Giants employees also use their own devices and the team’s small IT department developed a simple one-page security policy for employees, which includes limited access to the company network.
While much of the customer-use part of the story involves bandwidth and how to make the fans' experience more enjoyable, the article did make me think about how I as a consumer might be a security risk to a company. Do I have access to their network when I am at the business site? Maybe, depending on the type of business I’m doing. What happens if I should download something malicious at a hotel? Does it affect anyone else but me? And what are these companies doing to keep my computer safe while I’m using their resources?
If nothing else, this piece is a good reminder that BYOD spreads a lot farther than we think. It seems like anyone with a device is a possible risk. How are you evaluating that risk?