Is your BYOD policy compromising your cyber security without you even knowing it? CEO of FoxTech explains how to stay cyber secure while using external devices.
Bring Your Own Device Policy – Does It Ever Work?
A ‘bring your own device’ policy in the workplace can cause chaos when things get out of control. Since organisations reopened their offices, and implemented new hybrid working policies, ‘bring your own device’ has become a popular arrangement which enables employees to transition more easily between home and office working by utilising their personal smartphones, tablets, and laptops.
However, most organisations are starting to look carefully at their IT ecosystem for vulnerabilities, and BYOD policies are one of the key areas where many businesses are compromising their cyber security.
Risks of BYOD
Educating yourself on the specific risks of BYOD is extremely important and will ensure that you don’t sleepwalk into a cyber security crisis. The main risks include:
- Easier malicious withdrawal of data e.g. users allowing malicious applications to access data
- Higher potential for accidental data loss e.g. work data being shared in device backups, personal devices being shared with family
- Higher likelihood of devices being unsupported or out of date
- Users being less willing to report security incidents because they are worried that their personal data will be intruded upon
- Increased risk of device theft and loss
Top Tips for a Cyber Security Friendly BYOD Policy
Make your BYOD policy work for you by following these top tips to stay secure:
Work with your employees
One of the biggest challenges of securing your employees’ personal devices is the conflicting interests between the company and the device owners. As personal devices are not company property, the employee has the right to refuse device monitoring and the installation of security features.
Users will commonly worry that the installation of security packages could slow down their device and affect its usability. They may also be concerned that too much company monitoring will infringe on the privacy of their personal data.
For these reasons, it’s important to get your employees on side when it comes to securing their devices. One way to do this is to offer the alternative option of a company device. This means that if employees still choose to use their personal device, they may be more inclined to agree to security measures, as they won’t feel as if they are being forced upon them.
Be cautious with your data
Don’t give anyone more access to your data on personal devices than is required for their job role. There are some aspects of your data, such as an employee’s financial information, that it would be wise to keep within a fully managed environment. When you are planning your BYOD policy, you should conduct an audit of each employee and department to establish where it may not be appropriate. Don’t be afraid to extend the policy to some departments and not others – the key is to communicate why you have made each decision.
Invest in cyber security monitoring
The Ponemon Institute’s annual Cost of Data Breach Report found that in 2021 it took companies an average of 212 days to identify a breach, and a further 75 days to contain it. The faster a breach is identified and contained, the lower the overall cost of the damage will be. This means that if a malicious actor has managed to infiltrate your system through a personal device, there is still time to prevent a full-scale attack if you are able to quickly identify a breach. The best way to monitor your system for potential breaches is to invest in cyber security monitoring by an expert cyber security consultancy.
