Certified Ethical Hacker (CEH v13) — Question 81

You are a cybersecurity consultant for a global organization. The organization has adopted a Bring Your Own Device (BYOD)policy, but they have recently experienced a phishing incident where an employee's device was compromised. In the investigation, you discovered that the phishing attack occurred through a third-party email app that the employee had installed. Given the need to balance security and user autonomy under the BYOD policy, how should the organization mitigate the risk of such incidents? Moreover, consider a measure that would prevent similar attacks without overly restricting the use of personal devices.

Answer options

• A. Provide employees with corporate-owned devices for work-related tasks.
• B. Require all employee devices to use a company-provided VPN for internet access.
• C. Implement a mobile device management solution that restricts the installation of non-approved applications.
• D. Conduct regular cybersecurity awareness training, focusing on phishing attacks.

Correct answer: D

Explanation

The correct answer is D because regular cybersecurity awareness training helps employees recognize and avoid phishing attempts, thus reducing the likelihood of future incidents. Options A and B restrict user autonomy and do not address the root cause of the issue, while option C, while helpful, does not actively engage employees in understanding the risks associated with their device usage.