As flexible work has become commonplace in businesses all over the world, a more flexible attitude has also been adopted in many other business functions. One of these is the devices that employees use to get their jobs done every day.
Some organizations have taken steps to provide their workforce with all the laptops, PCs, tablets and smartphones that they need to get their jobs done, wherever and whenever they’re working. This is highly advantageous from a security perspective, but it can be very expensive in device procurement terms, and some employees resent having to possess or carry around two sets of devices.
Alternatively, a BYOD (Bring-Your-Own-Device) strategy allows employees to use their personal devices for work purposes. This enables much more flexibility and user-friendliness, but it needs to be managed extremely carefully, mainly for security reasons. In this blog, we’ll highlight the key risks to consider when exploring BYOD and the six vital areas to ensure a safe, successful implementation.
The risks of a BYOD strategy
When BYOD is implemented, devices often fall outside of the direct control of the IT team, making it much more difficult to understand what devices are being used for and when. Because the devices are also used for personal activity by employees, IT teams are generally unable to track all employee use because it would be an invasion of privacy.
Because of this, business data and applications are left protected only by whatever security measures and technologies the employee chooses to use. This heightens the risk of:
- Cybercrime: hacking, phishing, and ransomware can all affect a device, along with the data and access permissions within it. This is the case even if the user’s actions that enabled the attack were completely accidental and had nothing to do with their work
- Data leakage: even without a deliberate attack, data can be left vulnerable if the right security provisions aren’t in place, allowing those who shouldn’t have access to easily discover and tamper with data
- Loss and theft: if a device is accidentally lost or stolen information can easily fall into the wrong hands if a device isn’t properly secured
Where to assess employees’ BYOD use
All the above might make BYOD sound too risky to implement. But it doesn’t have to be, especially if you take these six aspects into account when rolling out the strategy:
Home internet connectivity
Household broadband connections aren’t designed for handling large volumes of sensitive and valuable data, and so generally don’t have enterprise-grade security features in place. IT teams should assess the home internet connectivity of remote workers and beef up security accordingly.
Device security provision
Every device used for business purposes should be checked regularly to ensure that up-to-date anti-virus and other security applications are installed and running. This mitigates the risk of new and emerging threats disrupting systems before the IT team has a chance to respond. Additionally, Mobile Device Management (MDM) tools can be implemented to remotely wipe lost or stolen devices and enforce security configurations.
Data and application access
Explore ways to keep business and personal device use as separate as possible. For example, you may want to explore virtualization solutions, where users log into a dedicated solution or application within which all work activity is hosted. This solution enables much easier monitoring and security of business data and activity.
Awareness and education
Many security issues that emerge in business today are still caused by human error, such as clicking on a seemingly harmless phishing link. Training and educating every employee on security best practices can eliminate many problems without needing technology to act as a failsafe.
Passwords and authentication
Related to the previous point, the use of easily guessed passwords is still a common feature in how cybercriminals get access to business systems and data. It’s important to encourage the use of stronger passwords, to regularly change them, and to explore the adoption of multi-factor authentication technology.
Software platform security
You should also ensure that every application your employees access on devices has its own security built in. As an example of the standard expected, Condeco’s workspace booking and management solution leverages the protection of Microsoft Azure data centers and meets ISO 27001 Information Security Management standards thanks to over 100 controls.
