NIST Releases Draft BYOD Guide

The National Institute of Standards and Technology (NIST), whose Cybersecurity Framework is becoming the standard in the federal government, as well as more than half the private sector, has drafted two publications addressing mobility, BYOD and the threats these smartphones, tablets and laptops pose to data security.

The publications, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security and User’s Guide to Telework and Bring Your Own Device (BYOD) Security, are designed to address the risks posed by endpoint devices used by employees, contractors, business partners and vendors, which are increasingly the source for data breaches by way of lost or stolen devices, malware, insecure apps, the use of public WiFi and a myriad of other ways that data is directly or indirectly exposed from mobile devices. These mistakes are the direct cause of data loss as well as the indirect cause of major breaches. As many as 36% of cyber security incidents can be tied back to attacks on mobile devices where exposed records, credentials or other information are used to exploit corporate networks.

“To prevent breaches when people are teleworking, organizations need to have stronger control over their sensitive data that can be accessed by, or stored on, telework devices,” notes Murugiah Souppaya, a NIST computer scientist.

The NIST publications make it clear that new technologies are critical to securing endpoint devices. Enforcing mobile policies and having a persistent connection to all the devices in use, on network or off, is key to ensuring that the devices and the data they contain remain protected. This visibility is exactly what we offer here at Absolute, alongside remote capabilities to automatically or manually lock down devices or data that may be at risk (based on pre-defined risk situations).

As we’ve discussed in an earlier article, “The Endpoint Is Back on the Agenda (and It’s a Huge Security Threat),” it’s imperative that you have visibility over devices that contain data or network access. Knowing where your endpoints are, what data they store, and what security tools are active and enabled helps you maintain visibility and prove compliance. Learn more about how we can help at Absolute.com