Certified Ethical Hacker (CEH v12) — Question 140
You are a cybersecurity consultant for a global organization. The organization has adopted a Bring Your Own Device (BYOD) policy, but it has recently experienced a phishing incident in which an employee's device was compromised. During the investigation, you discovered that the phishing attack occurred through a third-party email app that the employee had installed. Given the need to balance security and user autonomy under the BYOD policy, how should the organization mitigate the risk of such incidents? Moreover, consider a measure that would prevent similar attacks without overly restricting the use of personal devices.
Answer options
- A. Provide employees with corporate-owned devices for work-related tasks.
- B. Require all employee devices to use a company-provided VPN for internet access.
- C. Implement a mobile device management solution that restricts the installation of non-approved applications.
- D. Conduct regular cybersecurity awareness training, focusing on phishing attacks.
Correct answer: D
Explanation
The correct answer is D because conducting regular cybersecurity awareness training ensures that employees are informed about the risks of phishing and can recognize suspicious activities. While A, B, and C provide alternative security measures, they may infringe on user autonomy and do not directly educate employees on how to avoid falling victim to phishing attacks.