Unmanaged personal devices should not be allowed to connect to corporate networks

Updated September 2024

It's dangerous to allow unmanaged personal devices access to the corporate network but with a distributed workforce as well as sub-contractors and visitors, there are many Australian organisations in this situation. What should they do? 

Unmanaged devices on the network have always been a challenge, but the Covid-19 pandemic escalated the issue with many organisations rolling the dice and allowing remote workers to access their corporate networks from personal devices and home networks.

These devices could include mobile phones, laptops, tablets, desktops, USBs; and some employees exacerbate the risk by using public or personal WiFi internet connections to access the corporate network. 

What are the risks of unmanaged personal device access?

The rise in unmanaged network-connected devices increases the attack surface of the enterprise and allows cybercriminals to capitalise on the weakest link - the user endpoint - to gain a foothold into the network.

If compromised devices on the network go undetected, they can be used as launch pads to target higher-value assets, gain access to sensitive information, and cause significant business impact.

The biggest security risks associated with unmanaged devices are

• IT lack of visibility of unmanaged endpoints and inability to enforce security protocols
• Employee lack of commitment to security practices and risky behaviour exposing the network 

The outcome of these two risks is an increased likelihood of a cyber security incident which could involve lockdown or loss of corporate data, resulting in significant financial and reputational loss.

How much of a risk are unmanaged endpoints really?

• 36 percent of Australian workers say they often or always use personal devices like mobile devices and computers to access corporate data
• 41 personal of Australian workers surveyed did not have basic password protection on all of their personal devices
• 49 per cent of Australian remote workers have IoT devices connected to their home network, eight per cent using lesser-known brands

These statistics are from a survey by Trend Micro ANZ and are aligned with the results from other countries around the world. All of these behavioural practices spell danger for corporate networks if they have not been adequately insulated against cyber attack.

Even remote workers with corporate devices, behave in ways that threaten the security of the network including

• 68 per cent of Australian remote workers connect corporate laptops to the home network

• 80 percent of remote workers use their work laptop for personal browsing

• 56 percent of employees have downloaded a non-work application onto their corporate device

What is the answer to protecting against unmanaged endpoints?

A risk-based approach is needed to select and apply different levels of visibility and control.

Banning all unmanaged devices from accessing the corporate network is unlikely to be a realistic option. 

Ultimately the challenge is to bring a level of visibility and control to unmanaged devices, and safely enable their use.

To achieve this, a process is needed to find devices that are not secured, appropriately control their connections,
monitor their traffic and behavior, and block any malicious behavior.

All of this needs to be done in the context of how a device is used so that only the actions and privileges that are required to support the business are sanctioned.

Four Steps to Address Unmanaged Network Access

For corporate-owned devices, the simplest way to address the issue could be to apply the combination of a Unified Endpoint Management (UEM) agent to the endpoint; and apply a Zero Trust policy.

However, for contractors or personally-owned devices, it is unlikely that end users will agree to, or reliably enable, the installation of an endpoint agent. So what to do? Below are the four steps you would need to navigate.

Step 1. Automate discovery of all unmanaged devices

Establishing visibility is a critical first step. You can't manage what you can't see. Having a complete asset inventory of all devices on the network is a critical foundation for an effective security solution. Given that unmanaged devices can be transient, such as a device introduced by an employee or contractor, it is important that the device discovery process is both continuous and automated.

Step 2: Profile acceptable behaviour

Once a device is visible, the next step is to understand what it is doing and whether the actions are acceptable. This means observing device behaviour over time to establish baselines, and comparing observed behaviour to other devices of a similar type or functional role. This profiling should include an understanding of common network connections, protocols in use and other typical behaviors. This phase is also critical for understanding how a device is used in the enterprise, so that we can establish appropriate policies that truly enable the device and the business.

Step 3.  Establish and enforce appropriate behaviour

Next, is to proactively control the attack surface presented by unmanaged devices. This will require the organisation to establish sanctioned behaviours based on the type of device and its role. At a high level, this means setting what is allowed, and denying the rest.

Step 4. Identify and stop malicious behaviour

Having identified and enforced approved behaviour, the next step is to identify malicious behaviour. As well as identifying the signs of malicious tools and techniques, it is also necessary to monitor for signs that a device may be compromised. Once a threat is identified, there needs to be in place the ability to block the threat automatically. If a device is acting as an exfiltration channel of the network, we obviously need to stop the flow of data automatically in order to mitigate damage.

Consider MobileCorp and Ericom Security to 'manage the unmanaged'

As an alternative to the above process, you could look at installing a clientless security solution like Ericom Security's ZTNA solution to give them least-privilege access and control their ability to access and share data.

MobileCorp is an Australian ICT services company who assists enterprise and business to solve mobility issues. We recommend Ericom Security by Cradlepoint to provide secure access for the unmanaged devices on your network. 

Ericom Security isolates web and applications to protect them from third party access risk and threats from compromised devices. 

Ericom is a clientless solution that allows BYOD employees and 3rd party contractors access to your public or private web and cloud apps via an isolated, secure cloud environment, where granular data and access security controls are applied to prevent data loss.

Contractors log in through a standard web browser, yet apps and data access are controlled by your IT team:

• Block file uploads/downloads
• Sanitise uploads to prevent malware injection
• Apply DLP to downloads to prevent data exfiltration
• Limit/disable cut/paste functions (clip-boarding) to protect data
• Present apps in “read-only” mode to bar text changes
• Keeps app data from being cached by unmanaged device browsers
• Enforces IP-based access control, with access permitted solely through WAI
• Turns web applications “dark” to attackers and unauthorised users
  
  

About MobileCorp

MobileCorp is an enterprise ICT solutions company with a mission to deliver our customers a communications technology edge. We provide Managed Mobility Services, Enterprise Mobility Management, Complex Data and IP Networks, and Unified Communication solutions. We have a proven track record providing managed services for Australian enterprise and business, and we are a Telstra Platinum Partner.