As many employees now operate from home following the Covid-19 pandemic, there has been an increase in use of personal devices for work purposes. Employers are having to quickly explore and understand “bring your own device” (BYOD) strategies and want to understand the risks of BYOD. If you’re unfamiliar with the term, BYOD lets employees use their personal mobile devices to do company work from any location.
BYOD increases workplace flexibility and efficiency but also brings risks. It’s important to understand the security risks so that you can do your best to mitigate them.
Security Risks Of BYOD
- Personal devices are not part of the business’s IT infrastructure so don’t benefit from the cyber protection provided by the company firewalls and security systems.
- Employees might not regularly update their devices’ software, rendering their devices vulnerable to a potential cyber attack.
- If employees have the freedom to choose whatever device they want to work with security is further compromised. It will be considerably harder to keep track of vulnerabilities and updates.
- Remote workers tend to use wifi spots in public places. Open wifi spots often don’t have adequate security settings and are susceptible to hackers who create malicious hotspots.
- Employees may use non-work related applications or access untrusted websites which can leave security vulnerabilities on an employee’s device. Also, when they next login at the office, they could upload these vulnerabilities to the entire network.
- The risk of mobile devices becoming lost or stolen is high as they don’t stay in one secure location. If a lost device falls into the wrong hands, criminals may gain unauthorised access to valuable and sensitive company data.
- If an employee leaves their employment, the company will not have control of the data which they may have on their device.
- A third party, e.g. a family member or friend of the employee, may use the employee’s device and potentially have access to the company data.
- The company doesn’t know what company data the employee has on their mobile device.
Mitigate The Security Risks Of BYOD
We recommend the following:
- Implement a written BYOD policy which outlines the responsibilities of the employer and the users.
- Ensure that authorised devices are only able to access the data and services you are willing to share with BYOD employees.
- Protect mobile devices with appropriate security software.
- Explain to staff why security on mobile devices is important. Stolen data could impact the viability of business which will have an impact on staff.
If you would like some further advice on BYOD strategies or some help creating a BYOD policy, please contact us on 01392 207194 or drop us an email.