Cybersecurity & BYOD: The Ugly Truth

Please don’t, but if you must...

In theory, letting employees work from their own devices sounds like a great idea—until it’s not. Yes, as a company you’ll see some up-front cost-savings, but a breach in security will almost always cost more. Additionally, contrary to popular belief, your employees would rather not run their personal devices into the ground nor would they like to constantly feel on edge about the potential of spilling company secrets (slight exaggeration).

However, if BYOD is your only option as a company at this moment in time, it’s important to not only implement some BYOD best practice, but also understand the potential dangers of implementing a BYOD environment in your office.

The Risks of BYOD

Unauthorized Access

You would think that everyone would be protective of their personal devices, whether it’s a phone, tablet, or laptop. But the reality is that almost every company is just one stolen laptop away from a data breach. Obviously, this isn’t limited to personal devices; company-issued devices can get stolen, too. However, if you use an MDM (mobile device management) on company or personal devices, you’ll be able to wipe devices remotely if they’re left behind at the airport, etc. Better yet, your business could partner with Electric and we’ll not only implement an MDM, but we’ll cover the cost, and we’re just a Slack away when you’re in a crisis.

Unauthorized access is also a concern when an employee leaves a company. With a company-issued device, your IT team can just wipe the data before handing the device to the next hire. But with personal devices, you have less control, especially if someone leaves abruptly and doesn’t return to the office.

Unsecured Networks

While we, too, love enjoying our latte’s with a delicious pastry at our favorite coffee shop, it’s probably not the best place to get work done. Coffee shops, airports, and other places with public wi-fi are pretty open gateways for hackers to gain access to your company data. If working in public spaces is unavoidable, consider a VPN for your team.

Best Security Practices for BYOD

Have a Personal Device Policy

Before you start allowing your employees to use their own phones, tablets, and computers in the office, it’s helpful to have a personal device policy. In this policy, you can outline several rules and guidelines for your employees to follow in order to protect your company’s security, data, and infrastructure. Some questions you may want to consider answering in your policy include:

  • What types of devices or operating systems are acceptable to use?

  • What is your strong password policy?

  • What files and data is allowed to be stored on a personal device?

  • What apps and sites are employees allowed to access on the company network/What apps and websites are restricted?

  • Are webcams allowed to be enabled on site?

  • Are there any security measures employees are required to take?

These are just a few out of many questions you should consider when it comes to protecting your company’s security in a personal device policy.

Educate Employees

Having an open line of communication with your employees is key when you encourage them to use their own devices. Let them know the implications a cyber security breach would have on the company, and what your employees’ obligations are. Offer periodic training on different types of cyber attacks and social engineering ploys, as well as how to recognize them. It’s also a good idea to inform your employees of what protocols to follow in the event of a security breach.

Use MFA

When it comes to company security, MFA (multi factor authentication) plays a huge role. While it’s highly recommended for everyone to use strong, complex passwords, the truth is that not everyone follows the rules for ideal password management. Multi factor authentication helps to provide an extra step (or two) of security when it comes to accessing your company data.

Implement Cloud-Based Solutions

There are a lot of cloud-based solutions that can help foster better security for your business, especially when your employees are using their personal devices. Many businesses are already utilizing cloud storage, as it allows employees to collaborate easily and access work files at anytime, anywhere. If your company is shopping around for a cloud storage solution and many of your employees are using their own devices, you may want to check over the security features offered by the cloud storage vendors you’re considering.

The major takeaway here? Scrap BYOD and move toward company-issued devices—trust us, in the long-run you’ll be glad you did. Oh, and partner with Electric just in case you leave your laptop in a taxi in Europe and need it wiped.