Employers and employees have often found BYOD (bring your own device) to be a win-win. Benefits include lower hardware costs and more device familiarity from employees. This equals – amongst other things - greater morale and productivity. In the current climate, nobody will refuse that. But with these new benefits come a whole set of problems for businesses to wrestle with.
Firstly, there’s data leakage
There’s plenty of potential for sensitive company information to get out. An employee using unsecured airport Wi-Fi or a laptop left misplaced in a coffee shop is low hanging fruit for hackers and thieves. They can exploit these opportunities to snoop on sensitive information, steal company data or delete it altogether. This is equally due to personal devices typically lacking proper encryption and employees being wayward with their firmware system updates.
Secondly there’s malware infiltration
When a device is used for both business and pleasure, an employee will fill a laptop with all sorts. Sites that would typically be restricted by businesses can be easily visited. A “harmless” game they decide to download at the weekend could easily pass into a company network where it could steal data, money and generally ruin a devices’ performance.
What happens when employees leave your organisation? Hackers aside, what would a careless or even “rogue” employee do with access to a device containing sensitive data? The chances of tracking the device as a source of a security breach are pretty slim. Further complications can form with potential legal issues. For example, a businesses reputation can be damaged if sensitive information on customers and partners is leaked. It could then prompt everything from a few legal bills to punitive measures from the government.
So what can we do?
Prohibiting BYOD would be counterproductive. So, to minimise risk, any of the following can help. Companies should only allow the minimum access necessary to employees with company data. This is a great way to limit exposure, as is encryption of corporate data.
Big steps can be also taken by installing various pieces of software. For example, an MDM (mobile device management) program can allow a trusted IT partner to remotely wipe a device when needed. Implementing file integrity monitoring can also notify that IT partner if malware gains access to a device. Doing the upmost to ensure firmware is up to date is also a no brainer. As are simple measures like ensuring devices have basic security options like password, pattern, PIN, fingerprint and even face recognition.
The final aspect of BYOD best practice is training. So many security breaches are due to employee error. Training employees in best practices such as using a VPN and ensuring they segregate their business/pleasure apps can help. These measures can then be delivered in security briefings and be drawn attention to in an employee’s contract.
In this chaotic time the last thing anyone needs is a security breach. And heads up, there have been plenty of opportunists looking to take advantage. This is why we offer a range of security products that cover every aspect of a businesses defences.
Get in touch today to find out what we can do to keep your data and assets safe.