As flexible work has become commonplace in businesses all over the world, a more flexible attitude has also been adopted in many other business functions. One of these is devices: more specifically, the devices that employees use to get their jobs done every day.
Some organizations have taken steps to provide their workforce with all the laptops, PCs, tablets and smartphones that they need to get their jobs done, wherever and whenever they’re working. This is highly advantageous from a security perspective, but it can be very expensive in device procurement terms, and some employees resent having to possess or carry around two sets of devices.
As an alternative, a BYOD (Bring-Your-Own-Device) strategy allows employees to use their personally-owned devices for work purposes. This enables much more flexibility and user-friendliness, but it needs to be managed extremely carefully, mainly for security reasons. In this blog, we’ll flag up the key risks to take into account when exploring BYOD, and the six vital areas to cover in order to ensure a safe, successful implementation.
The risks of a BYOD strategy
When BYOD is implemented, devices often fall outside of the direct control of the IT team, making it much more difficult to understand what devices are being used for and when. Because the devices are also used for personal activity by employees, IT teams are generally unable to track all employee use because it would be an invasion of privacy.
Because of this, business data and applications are left protected only by whatever security measures and technologies the employee chooses to use. This heightens the risk of:
- Cybercrime: hacking, phishing and ransomware can all affect a device, along with the data and access permissions within it. This is the case even if the user’s actions that enabled the attack were completely accidental and had nothing to do with their work
- Data leakage: even without a deliberate attack, data can be left vulnerable if the right security provisions aren’t in place, allowing those who shouldn’t have access to easily discover and tamper with data
- Loss and theft: if a device that isn’t properly secured is accidentally lost, or stolen due to its high financial and resale value, information can easily fall into the wrong hands
Where to assess employees’ BYOD use
All the above might make BYOD sound like a scary, dangerous idea. But it doesn’t have to be, especially if you take these six areas into account when rolling out the strategy:
Home internet connectivity
Household broadband connections aren’t designed for handling large volumes of sensitive and valuable data, and so generally don’t have enterprise-grade security features in place. IT teams should assess home internet connectivity of remote workers, and beef up security as required.
Device security provision
Every individual device used for business purposes should be checked over regularly, to ensure that up-to-date anti-virus and other security applications are installed and running. This reduces the risk of new and emerging threats causing issues before the IT team has a chance to respond.
Data and application access
Explore ways to keep business and personal device use as separate as possible. For example, you may want to explore virtualization solutions, whereby users have to log into a dedicated solution or application within which all work activity is hosted. This solution enables much easier monitoring and security of business data and activity.
Awareness and education
Many of the security issues that emerge in business today are still caused by human error, such as clicking on a seemingly innocuous phishing link. Training and educating every employee on security best practice can cut out many problems without the need for technology to act as a failsafe.
Passwords and authentication
Connected to the previous point, easily guessed passwords are still a common way for cybercriminals to get access to business systems and data. It’s important to encourage the use of stronger passwords, to regularly change them, and to explore the adoption of multi-factor authentication technology.
Software platform security
You should also ensure that every application employees access on devices has its own security built in. As an example of the standard expected, Condeco’s workspace booking and management solution leverages the protection of Microsoft Azure data centers, and meets ISO 27001 Information Security Management standards thanks to over 100 controls.