BYOD and Personal Use at Work… How Safe is it?


Businesses and companies have questioned whether a BYOD (Bring Your Own Device) policy is effective and efficient for productivity at work, particularly as the policy was put into practice during the Covid-19 pandemic of 2020. Implementing BYOD may seem like a great idea, boosting employee mobility, satisfaction, and productivity, but what are the security risks when workers use their personal devices at work?

The Risks


Using personal devices at work can be adequate, but major cyber security risks can arise if it is not managed well by the organisation that allows the BYOD policy:

Shadow IT:

This is a term used for employees who access an organisation's IT system through an unrecognised device. Equipment provided by an entity is commonly monitored and maintained, either for security reasons or to let colleagues see who is online and which projects or documents have been altered or are currently being worked on. An unrecognised device gaining access to an IT system will be seen as a threat. It can also lead to miscommunication and confusion amongst colleagues.

Data Loss & Theft:

Data loss can occur if an individual's device is not well managed, corrupted, or stolen. Workers accessing customer or client emails from their personal devices can cause data leakage to unknown third parties. Data loss and theft can also occur when the device itself is physically lost or stolen. Cloud-based structures have helped minimise the risk of data loss and the chore of retrieving data from multiple work-related personal devices, but they ultimately rely on the IT structure built by the organisation and on co-workers following the guidelines. Another form of potential data loss is compatibility issues: each device can be unique to the individual and therefore have different systems and different available apps and software. Some files may not transfer correctly between file formats, leading to data corruption.

Unprotected/Compromised Devices:

BYOD can also elevate security risks within the organisation, as personal devices are commonly not monitored and not as secure as devices provided at work. Personal devices typically lack the support built for work hardware, including password management, the required anti-virus software, and patch management systems. Personal devices used for work also commonly have non-work apps installed that can feed work-related data to unknown third-party sources, which may breach the organisation's protection of its clients and the safety of members of the organisation.

Legal Problems:

With the above cons mentioned, legal troubles are just around the corner. Customers and/or clients expect to be protected with their data safe and secured as promised by the IT organisation they trust, and the policies in place to manage and monitor any suspicious activities in the cyber world. If an associate of the organisation loses their personal device or has their device infiltrated by a threat actor, legal ramifications will occur and heavy fines will apply to the business or company for not following standard protocol in cyber security.

The Solution


With all the problems listed, there are solutions. A well-managed infrastructure and policies for BYOD will remove the mentioned vulnerabilities.

Device Management Training & Implementation: 

Deploying device security and management is a necessary measure in cybersecurity. This covers the chosen anti-malware security product, the introduction of automatic updates, and training in the procedures the workforce must abide by. Without a team procedure, data can be lost or corrupted and never recovered. Another must when introducing BYOD is "access": certain documents or software will need to be restricted to the personnel who need them, for example through admin restrictions or limits on access to sensitive data, to ensure cyber security standards are met.

Workforce Support & Services: 

Using personal devices for work is versatile and has its advantages, but even those devices can fail. Having support for connectivity issues and application configuration is essential with the BYOD policy to properly deploy “Device Management” procedures.

Containerisation (a space just for work):

Containerisation implements BYOD properly, helping separate work from personal use. For example, one way to deploy containerisation is through cloud-based apps and storage. This creates a seamless and more accessible environment for all users in the team, and makes it easier for the organisation to manage and encrypt work data separately from the user's personal data.

Application Control:

Application control is necessary for keeping work-related apps and programs separate from the user. Measures of application management include systems that enable regular, routine automatic updates for work-related apps, as patching software will eliminate the chances of new malware infiltrating the device.

Password Protection & Creation: 

Password management policies can include education on 'Password Vault' systems, which allow a user to remember one password for all logins while still having long and unique passwords that would take a threat actor a millennium to crack. Another example is workforce education on how to create a safe and secure password, including the implementation of MFA.


The Conclusion


The BYOD policy has its pros and cons, ultimately relying on how the IT infrastructure is built. BYOD is extremely useful to have if implemented correctly. To summarise, an organisation should ask itself:

  • Acceptable Use: Are the personal devices being used adequately for work?

  • Ownership of Apps & Data: Who has access to which document or software? Are personal use and work use separated?

  • Liabilities: What are the costs associated with the device, and what are the procedures for the loss of data on personal devices?

  • Termination of Access: What are the consequences if policies are not followed? What are the procedures when a team member leaves?

 


This is part of our Cyber Security awareness educational campaign. Through this training, you will learn awareness, key principles, and best practices to protect yourself, your organisation, and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and take action before any damage can occur.

 