Hello! Would you look at that? We’re just about over the midweek hump. We can almost smell the firework smoke. May all your open tickets be unequivocally closed before Friday rolls around.
In today’s edition:
BYODy count
Past words
MOVEit, lose it
—Tom McKay, Billy Hurley, Eoin Higgins
Bring your own device (BYOD) programs can potentially save organizations big money on equipment—and they might have other benefits, like increased productivity.
But those gains come with trade-offs: decreased control over an organization’s attack surface, managing a workplace with non-standardized IT inventory, and concerns over workers’ privacy. Experts who spoke with IT Brew laid out some of the best practices organizations can adopt to minimize the chances of a BYOD disaster.
Don’t just flip the switch. BYOD programs require careful planning. Erick Galinkin, principal researcher at security firm Rapid7, told IT Brew the “number one” prerequisite for implementing a BYOD policy is a strong data classification regime.
“You are always going to have very sensitive corporate data, and then you are going to have less sensitive corporate data,” Galinkin said. With the former, he added, “There are real tangible impacts of that information getting out…We would never want somebody’s device where we couldn’t guarantee the security of that device to touch that data.”
Having that data classification policy in place allows administrators to identify which data shouldn’t be touched by which devices, Galinkin told IT Brew: “Environments where people can access corporate data from their cell phones can go awry very quickly.”
Read more here.—TM
TOGETHER WITH SECUREFRAME
Achieving compliance isn’t the most straightforward process. Secureframe helps businesses get there easily through a comprehensive automation platform—without all the twists and turns.
Secureframe uses 150+ integrations, built-in security training, vendor and risk management, and more to make compliance uncomplicated. And once you achieve it, they’ll help you keep it by continuously detecting and remediating misconfigurations across your tech stack.
In need of cloud remediation? Secureframe has your back. Secureframe’s Comply AI for remediation makes fixing failing controls simple and speedy so you can secure your cloud environment and get audit ready.
Whether you need SOC 2, ISO 27001, or anything in between, Secureframe’s experts can guide you through every step of the process. So don’t delay—book a demo.
Many industry pros are increasingly channeling their inner Bill Gates in 2004 and predicting the decline of the password.
The PW prognosticating demonstrates some confidence in the IT world that a passwordless infrastructure is now sufficiently in place. What’s left is to convince newcomers and skeptics of biometrics and passkeys’ usability. Enterprises and developers can do this with pilot programs and test runs.
“The most notable shift over the past couple of years has been that every major platform vendor is now supporting open standards for passwordless authentication that are in their flagship operating systems. So, this means for the first time that virtually every modern computing device has the capability to support passwordless authentication,” said Andrew Shikiar, executive director and chief marketing officer at FIDO, during a May roundtable discussion led by authentication provider Okta.
Read more here.—BH
The private information of Louisiana drivers was exposed in a massive breach, officials announced on June 15, as part of the global ransomware attack that exploited a MOVEit software vulnerability and affected agencies across the federal government. Cl0p, the Russian-linked ransomware-as-a-service syndicate, is allegedly behind the attack, Reuters reported. The attack appears to have begun on May 31, though the vulnerability was identified as early as 2021.
The state’s Office of Motor Vehicles said in a June 15 statement on the theft that it was still unclear if threat actors “have sold, used, shared, or released the OMV data obtained from the MOVEit attack”—but the scope of the hack is stunning.
All Louisiana drivers’ names, addresses, Social Security numbers, birthdays, height and eye color, license numbers, and vehicle registration information were likely exposed.
Keep reading here.—EH
TOGETHER WITH CISCO SECURE
Sound the alarm. Simplify your security tech to handle multiple threats and prioritize them effectively with Cisco XDR. Learn more about the growing need for extended detection and response (XDR), plus the open approach Cisco takes to detect and prioritize threats more effectively, streamline investigations, and remediate threats rapidly. Read up on XDR.
Today’s top IT reads.
Stat: 75%. That’s how much of Amazon’s products are handled at some point by robots at fulfillment centers. (Wired)
Quote: “Trying to find qualified land sites that have sufficient power to stand up these facilities—you need 10 times what I built in 2006.”—Jim Coakley, a data center developer and manager, on the sector’s growth (the New York Times)
Read: AI is helping baseball scouts judge draft talent, and some in the industry have doubts. (the Wall Street Journal)
Game changer: With AI + automation on the rise, nearly half (46%) of organizations plan to increase their automation this year. Want more stats? Appfire’s new report has tons of insights on automation’s impact. Read it.*
*This is sponsored advertising content.