Home Technology Bring your own device: are external devices in your office ever a good idea?
Our website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Bring your own device: are external devices in your office ever a good idea?

by uma

Is your BYOD policy compromising your cyber security without you even knowing it? Here’s how to stay cyber secure while using external devices.

A ‘bring your own device’ policy in the workplace can cause chaos when things get out of control. Since the beginning of the pandemic, cyber attackers benefitted from our changing ‘work from home’ patterns, resulting in a huge surge of cyber attacks in 2020, a trend which we are yet to see reverse. Since organisations reopened their offices, and implemented new hybrid working policies, ‘bring your own device’ has become a popular arrangement which enables employees to transition more easily between home and office working by utilising their personal smartphones, tablets, and laptops.

However, most organisations are starting to look carefully at their IT ecosystem for vulnerabilities, and BYOD policies are one of the key areas where many businesses are compromising their cyber security. Anthony Green, CTO of cybersecurity consultancy firm FoxTech, explains:

“External and personal devices are a major chink in many companies’ armours when it comes to protecting against cyber attacks. BYOD means that employees are accessing and storing data owned by the company on devices that are not company property. In the IT professions, any device that connects to your network is known as an endpoint. A study by the Ponemon Institute found that 68% of organisations experienced one or more endpoint attacks in 2020, coinciding with the boom in home working. This means that insecure and unprotected personal devices could be a real threat to the security of your data.

“It would be best to not have a BYOD arrangement at all, but this isn’t always realistic with personal devices becoming more and more embedded in office life. With that in mind, there are actions you can take to minimise the risks inherent in using personal devices for work.”

Here, FoxTech provides their tips for making your BYOD policy cyber security friendly: 

Know the risks

Educating yourself on the specific risks of BYOD is extremely important and will ensure that you don’t sleepwalk into a cyber security crisis. The main risks include:

  • Easier malicious withdrawal of data e.g. users allowing malicious applications to access data
  • Higher potential for accidental data loss e.g. work data being shared in device backups, personal devices being shared with family
  • Higher likelihood of devices being unsupported or out of date
  • Users being less willing to report security incidents because they are worried that their personal data will be intruded upon
  • Increased risk of device theft and loss

Think it through

Don’t make it up as you go along. Just as you should develop written policies around the use of company devices, you need to create rules and obligations around your BYOD scheme. The National Cyber Security centre (NCSC) has an excellent guide to creating a Bring your Own Device policy here.

Work with your employees

One of the biggest challenges of securing your employees’ personal devices is the conflicting interests between the company and the device owners. As personal devices are not company property, the employee has the right to refuse device monitoring and the installation of security features.

Users will commonly worry that the installation of security packages could slow down their device and affect its usability. They may also be concerned that too much company monitoring will infringe on the privacy of their personal data.

For these reasons, it’s important to get your employees on side when it comes to securing their devices. One way to do this is to offer the alternative option of a company device. This means that if employees still choose to use their personal device, they may be more inclined to agree to security measures, as they won’t feel as if they are being forced upon them.

Communicating the risks of BYOD and the mutual responsibilities between organisation and employee will also be crucial to encouraging the safe use of personal devices.

Be cautious with your data

Don’t give anyone more access to your data on personal devices than is required for their job role. There are some aspects of your data, such as an employee’s financial information, that it would be wise to keep within a fully managed environment. When you are planning your BYOD policy, you should conduct an audit of each employee and department to establish where it may not be appropriate. Don’t be afraid to extend the policy to some departments and not others – the key is to communicate why you have made each decision. 

Invest in cyber security monitoring

The Ponemon Institute’s annual Cost of Data Breach Report found that in 2021 it took companies an average of 212 days to identify a breach, and a further 75 days to contain it. The faster a breach is identified and contained, the lower the overall cost of the damage will be. This means that if a malicious actor has managed to infiltrate your system through a personal device, there is still time to prevent a full-scale attack if you are able to quickly identify a breach. The best way to monitor your system for potential breaches is to invest in cyber security monitoring by an expert cyber security consultancy

You may also like

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More