The Bring Your Own Device (BYOD) revolution was, until recently, naively believed to be a problem affecting only big business. Whether we like it or not, that has turned out not to be the case. While the earnest discussion about the problem began a few years back, this issue has been around for small businesses in some form for the better part of the last decade.
But more importantly, how does this trend affect your role as a consultant, and why should you be concerned? For numerous reasons, actually. The small businesses you support are likely seeing more devices enter their networks than ever before, which means the possibilities for data leaks, mass infection, and security breaches are at an all-time high. Ignorance is not a great plan for the long run.
This topic is quite timely on my own end, as customers of my company FireLogic are finally realizing the risks that all of these foreign devices pose. While it’s definitely not my place to play small business tech referee, as a trusted adviser, I do see fit to provide my honest opinion. Whether it be security related or in consideration of bandwidth limitations, BYOD is hitting small business hard. Here are my top recommendations for easing the burden on your customers’ networks and offices.
Pitch Unified Threat Management (UTM) devices to replace standard SOHO routers
These bona-fide devices go under many different monikers, such as Unified Security Gateway (USG) by Zyxel, but their premise is roughly the same. Instead of beefing up security at the client-side as was the norm for the past decade or so, computer repair consultants now have a better option at their disposal. These routers-on-steroids combine top notch firewall functionality with enterprise-level threat prevention to stop attacks and malware before they ever enter the network.
These small to mid-size business “all in one” router/switch/firewall+ devices not only have advanced filtering power, but they all have some flavor of subscription-based capability to tack on additional fringe benefits (for a cost, of course). For example, Zyxel’s USG line of small business security routers can pull definitions for antivirus scanning, spam filtering, and intrusion (hacking) prevention. For a mere $150-250 USD, small business customers can finally play with similar network security gear that the big boys have had for years.
Some of the other popular choices on the market include Netgear’s ProSecure UTM line, SonicWall’s TZ series, and the WatchGuard Firebox XTM line. I tend to like Zyxel’s bang for the buck, but each manufacturer offers differing benefits. Be sure to do your research before purchasing any of these firewalls.
Use VLANs and Guest SSIDs to separate network access by devices
Most decent SOHO routers (nearly any of the above recommended UTM devices) allow for the easy creation of VLANs to separate safe (internal) traffic from insecure (guest) traffic generated by employee and visitor smartphones, laptops, etc. Many companies I work with are going a step further to also introduce separate wireless SSID broadcasts to segregate WLAN traffic. This division of traffic keeps trojans and other roaming nasties on possibly infected devices off the private internal network, while still providing necessary internet access for guests and their devices.
You can read further about the concept of VLAN segregation on Wikipedia.
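Separate VLANs only isolate guests if the router's inter-VLAN firewall rules also block guest-to-internal traffic, and rule order decides that. The following is an added example, not from the original article, that audits a first-match rule list for both properties described above (guests kept off the internal network, guests still able to reach the internet); the subnets, rule format and function names are constructed for illustration.

```python
import ipaddress as ip

# Constructed addressing: VLAN 10 = internal, VLAN 20 = guest/BYOD.
INTERNAL = ip.ip_network("192.168.10.0/24")
GUEST = ip.ip_network("192.168.20.0/24")

def rule(action, src, dst):
    return (action, ip.ip_network(src), ip.ip_network(dst))

def overlap(a, b):
    """Intersection of two CIDR networks (the more specific one), or None."""
    if not a.overlaps(b):
        return None
    return a if a.prefixlen >= b.prefixlen else b

def guest_leaks(rules, guest=GUEST, internal=INTERNAL):
    """Return allow rules that let guest traffic reach the internal VLAN.

    Rules are first-match. An allow rule is reported unless one earlier
    deny rule covers the whole overlapping range (a conservative check).
    """
    leaks, denies = [], []
    for index, (action, src, dst) in enumerate(rules):
        if action == "deny":
            denies.append((src, dst))
            continue
        s, d = overlap(src, guest), overlap(dst, internal)
        if s is None or d is None:
            continue
        if not any(s.subnet_of(ds) and d.subnet_of(dd) for ds, dd in denies):
            leaks.append((index, str(s), str(d)))
    return leaks

def verdict(rules, src, dst):
    """First-match decision for one packet, with an implicit default deny."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for action, s, d in rules:
        if src in s and dst in d:
            return action
    return "deny"

# Constructed rule sets: a flat "LAN to any" rule, and the segmented fix.
WEAK = [rule("allow", "192.168.0.0/16", "0.0.0.0/0")]
FIXED = [rule("deny", "192.168.20.0/24", "192.168.10.0/24"),
         rule("allow", "192.168.0.0/16", "0.0.0.0/0")]

if __name__ == "__main__":
    print("weak :", guest_leaks(WEAK))
    print("fixed:", guest_leaks(FIXED), verdict(FIXED, "192.168.20.15", "8.8.8.8"))
```

Placing the deny rule after the broad allow rule reproduces the leak, which is the ordering mistake this check is meant to catch.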
Consider recommending a proxy server for your customers
Proxy servers still serve a valid purpose. If a small business you support is having a tough time with unregulated website access, a proxy server could be the difference between YouTube eating up all the bandwidth or business running smooth as silk. Sure, there are plenty of paid products out there, such as the Smoothwall line of appliances, but cheaper options exist.
I covered this dirty little secret in my article on refurbishing customer PCs into purpose-driven feats of magic. There is a bevy of freeware or open-source proxy server distributions out there. I covered IPCop in the aforementioned article, but Untangle is another wonderful option. That old Windows XP tower gathering dust could be easily transformed into a powerful proxy server at little to no cost for a customer. Talk about saving the day on the cheap!
Configure Posture Assessment functionality if available
Posture Assessment is a fancy term for something the enterprise IT world has been using for many years already, known also as Network Access Control (NAC). Many of the UTM devices I recommended above, like the Zyxel USG firewall routers, offer posture assessment capability. You know the saying “No shirt, No shoes, No service.” Well, PA is merely the network access equivalent.
You can configure the UTM device to require, for example, that any Windows 7 computers trying to get onto the internet over the company connection must have SP1 installed. Likewise, Vista systems could be asked to show proof of having SP2 before being allowed access. If they don’t meet the necessary requirements, the firewall can direct them to the proper place to download the necessary security updates.
Yes, these rules require some fine-tuned calibration to work properly, but I have implemented them at a few select locations with much success where infections commonly crawled in from guest devices. While they are not foolproof by any means, they do add an extra layer of security by keeping the worst security offenders at bay to a fair extent.
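The decision logic behind such a rule, as an added example that is not taken from the article or from any vendor's firmware: it applies the two service pack minimums mentioned above to a client posture report. The report format, the `assess` function, the remediation URL placeholder and the handling of an OS with no rule are assumptions.

```python
from dataclasses import dataclass

# Minimum service pack per OS, from the article's two examples.
MIN_SERVICE_PACK = {"windows 7": 1, "windows vista": 2}
# Placeholder: point this at wherever the security updates are hosted.
REMEDIATION_URL = "http://remediation.example.invalid/updates"

@dataclass
class Decision:
    action: str            # "allow" or "redirect"
    reason: str
    redirect_to: str = ""

def assess(report, unknown_os_action="allow"):
    """Evaluate one posture report (a dict from a hypothetical client agent).

    unknown_os_action is an assumption: an OS with no rule (phones, Macs)
    is let through by default; pass "redirect" to fail closed instead.
    """
    os_name = str(report.get("os", "")).strip().lower()
    required = MIN_SERVICE_PACK.get(os_name)
    if required is None:
        target = REMEDIATION_URL if unknown_os_action == "redirect" else ""
        return Decision(unknown_os_action,
                        f"no posture rule for {os_name or 'unknown OS'}", target)
    try:
        installed = int(report.get("service_pack", 0))
    except (TypeError, ValueError):
        installed = -1     # unreadable value is treated as non-compliant
    if installed >= required:
        return Decision("allow", f"{os_name} SP{installed} meets SP{required}")
    return Decision("redirect", f"{os_name} needs SP{required}", REMEDIATION_URL)

if __name__ == "__main__":
    # Constructed sample reports.
    for sample in ({"os": "Windows 7", "service_pack": 1},
                   {"os": "Windows Vista", "service_pack": "1"},
                   {"os": "Windows 7", "service_pack": "SP1"},
                   {"os": "Android"}):
        print(sample, "->", assess(sample))
```

The unparseable `"SP1"` report is redirected rather than allowed, which is the kind of calibration detail that decides whether the rule blocks the right machines.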
Don’t forget that solid HR policies on BYOD still work wonders
Not every technical problem needs to have a technical solution to be effective. For a lot of small businesses I serve, helping owners work up a solid BYOD policy is usually as good as implementing any of the above technologies. As long as management follows through and enacts consequences, workers tend to abide. Technology shouldn’t be a band-aid in place of good human resource leadership; it should merely be there to supplement it.
Let’s be mindful that the BYOD landscape is still rapidly evolving, and it’s anyone’s guess as to what the office of the next five to seven years will resemble. Acting as a trusted technology liaison to recommend cost-effective solutions where HR needs a helping hand is exactly the position you should be exemplifying. My list of recommended options above is not exhaustive by any means – I merely described the most common technologies I’m implementing at customer sites. Mix and match my recommendations, and consider some of your own, when dealing with similar situations and you will have more than a few tricks up your sleeve.
How do you handle BYOD and the risks it brings with your customers? What technologies do you turn to? Are there any suggestions I forgot in this article? Feel free to let us know in the comments area below!