How to solve BYOD for Cyber Essentials

Max Harper
13.09.23 10:06 AM

"If your device is used to connect to the business network or access any business information, the device is included in the scope for Cyber Essentials."

Why should you get Cyber Essentials?

Cyber Essentials is an effective, Government-backed scheme designed to help you protect your organisation. Organisations get it to:

  • Reassure customers and supply chain that you are working to secure your IT against cyber attacks
  • Attract new business with the promise you have cyber security measures in place
  • Meet the requirements of the many Government contracts that require Cyber Essentials certification

What is BYOD?

BYOD (Bring Your Own Device) is the concept of employees using their personally owned device(s) for work purposes.

Work stuff on personal mobiles, why would I allow that?

Remote and flexible working is the new norm. Organisations want to empower their employees to get the job done. Many businesses have reported an increase in productivity from their staff being able to use their own devices for work purposes. Plus, there's a cost saving from not having to fork out lots of money for expensive paperweights (work mobiles!).

BYOD Challenges

Although the idea of BYOD is an attractive prospect to most organisations, it does come with a conflicting set of security risks and challenges... including:

  • Ensuring personally owned devices and their owners comply with company policies and procedures
  • Protecting corporate data
  • Protecting corporate infrastructure
  • Protecting the personal privacy of the end-user/device owner
  • Ensuring legal compliance and meeting contractual obligations

What's in scope for Cyber Essentials for BYOD?

Very high-level, you will need to consider the following sub-categories:

  • Secure configuration - Is there a password or passcode set-up on the device?
  • Patches and updates - Is the OS in-date? Has the device been jailbroken?
  • Malware protection - Can this device protect the user against dodgy web pages, files, and malicious applications?

So, what is the solution?

Privacy-by-design Mobile Threat Defence (MTD).

How is this different to an MDM?

Quite simply, MDM is just for managing your organisation’s devices – it can deploy policies wholesale, restrict access to particular apps or services, or act as a VPN.

However, it doesn’t have any threat detection, analysis or remediation capabilities. So it can’t block phishing, stop malware, guide users to remove threats, identify permissions abuse on Android, or scan WiFi networks for attacks like an MTD can.

How can I use MTD to prove compliance?

Find a solution that can provide you with real-time Compliance Reporting.

  • Copy and paste responses: Explanations of how MTD ensures compliance for each mobile-related section of the Cyber Essentials framework. So if you’re compliant, you can just copy and paste the details into your application.
  • Compliance summary: See at a glance, in real time, how your organisation’s mobile devices stack up against the requirements, so you can take steps to ensure full compliance across the board.

How does Spear Shield help orgs protect Mobile users?

Spear Shield are currently running a FREE Mobile security assessment that can help you identify:

  • Would the mobile devices that we have in scope pass Cyber Essentials today?
  • How compliant and secure are the mobile devices being used by my employees (both BYOD and corporate-owned devices)?
  • What mobile security threats and risks are my mobile users facing?
  • Could a Mobile Threat Defence solution help support internal policy, enable us to introduce BYOD and bring benefit to our employees and organisation?
