A corporation has recently implemented a BYOD policy at their HQ.
Which two risks should the security director be concerned about? (Choose two.)
Click on the arrows to vote for the correct answer
A. B. C. D. E.BC.
The security director of the corporation implementing a BYOD policy should be concerned about several risks. Among those risks, two of them are:
Malware: Malware is malicious software that can be installed on a device to cause harm, steal data, or disrupt the network. When employees bring their personal devices onto the company network, there is a risk that those devices may have malware installed on them, which can spread to other devices and compromise the network's security. The security director should ensure that all devices are regularly scanned for malware and that employees are educated about the risks of downloading apps and software from untrusted sources.
Lost and stolen devices: BYOD policies mean that employees are bringing their personal devices into the workplace, which can increase the likelihood of devices being lost or stolen. A lost or stolen device can pose a significant security risk, particularly if it contains sensitive company data or access credentials. The security director should implement policies and procedures to ensure that lost or stolen devices are reported immediately, and that data on the device is encrypted and can be remotely wiped if necessary.
Option A, network analyzers, may be a concern, but it is less likely to be a risk for BYOD policies specifically. Network analyzers are tools used by network administrators to monitor and troubleshoot network traffic, but they can also be used by hackers to intercept and analyze network traffic. However, this risk applies to all network traffic, not just traffic from personal devices.
Option D, keyloggers, is a concern if an employee's device has been compromised by malware or unauthorized software. A keylogger is a type of malware that records everything a user types, including usernames and passwords. However, this risk is more specific to malware than to BYOD policies.
Option E, unauthorized users, may also be a concern, but it is not specific to BYOD policies. Unauthorized users could attempt to gain access to the company network or resources, regardless of whether those resources are accessed through personal or company-owned devices.