Why you should think twice before implementing BYOD
We highlight some of the risks associated with implementing a Bring Your Own Device (BYOD) policy, particularly from a security perspective.
BYOD is an acronym that stands for Bring Your Own Device. It is a concept that has proved popular with businesses over the years as it has saved them money on purchasing assets for employees. The recent shift to remote working has also seen many employees rely on their personal devices to remain connected. However, in this post, we highlight some of the risks associated with BYOD, particularly from a security perspective.
The Disadvantages of BYOD
Increased security risks
Personal devices rarely offer the same levels of protection as company devices. The latter are often installed with sophisticated IT security measures, including antivirus software, blacklisted sites and password protection. Without the tools and systems to monitor personal devices, IT teams may be unaware of potential security breaches. In fact, most owners of an infected smartphone are unaware that their device is carrying malware. This in turn can infect an entire business network. In addition, outdated mobile operating systems can be a major target for cyber-attack so should be kept up to date.
To combat these risks, businesses can implement Mobile Device Management software. This software helps to manage and monitor personal devices but can lead to employee resentment and a sense of invasion of privacy.
Increased complexity for your IT Department
Employees with their own devices are likely to have a range of devices with differing operating systems and software. This makes it more difficult for your IT department to support these devices should any issues arise. Moreover, there may be compatibility issues with specific software required for employees to perform their roles remotely.
Loss of Control over Devices
A major security concern over BOYD is the lack of control around devices, particularly if an employee leaves the business or loses their mobile device. If a device is stolen, there is an extremely high probability that sensitive data will be on that device. This could result in a data breach with wider implications for the business.
With company devices, IT departments are able to remotely wipe all data on that device. When it comes to personal devices however, employees may be unhappy to lose personal information such as contacts, pictures and messages.
As mentioned previously, mobile device management software can help to mitigate these risks. Personal information can be separated from company data, thereby enabling you to only wipe company data.
Data privacy concerns
There are several privacy and legal issues to consider when implementing BYOD. Employees need to be aware of their legal obligations of retaining, storing or transferring certain data. Furthermore, employers should be clear with employees about what information they have access to on an employee’s personal device.
Productivity Issues
With BYOD, mixing business and personal use is inevitable. The temptation for employees to check social media sites such as Facebook and Instagram or to play games on their phone during working hours is worse. You are also unable to prevent an employee from visiting compromised websites.
Whilst using company-owned devices doesn’t necessarily eliminate this problem, it does reduce the temptation to access inappropriate material while at work.
Summary
Deciding to implement BYOD purely out of convenience or to save costs is unwise. BYOD has wider implications for your business in terms of security, privacy, data protection and IT support. We strongly recommend that where possible, staff use company devices when working from home. This makes it easier to manage these devices and ensure they are secure. If this is not feasible however, we recommend implementing Mobile Device Management software to manage the devices, segregate data and remotely wipe the devices when required.
If you are considering implementing BYOD and have any questions or would like any advice, please get in touch.