BYOD, why don’t you?
Explained | News

BYOD, why don’t you?

Posted: October 19, 2017 by Pieter Arntz

Bring Your Own Device (BYOD) is a policy that allows employees to bring their own devices to the workplace and use them there. At one time, this was the latest bonus to attract and keep employees happy—plus save a few bucks. Nowadays the question is more like: Is there anyone who doesn’t bring his own device (at least a smartphone) to the workplace?

But BYOD is more than just bringing your device along. The expression also implies that you can use your own device to access and use corporate resources. But what are the security issues that this policy opens up for both parties?

The risks for the company

  • People outside the company get access. Access by someone outside of the company can happen due to devices being stolen or by people leaving the company.
  • Devices leave the company environment. Outside the company environment, the devices are still carrying important information and may be used to access insecure networks elsewhere.
  • Devices might not be protected or patched. BYOD devices might not be protected as well as the devices that are under control by the companies IT department. This works both ways, since many companies have a slow patching process to keep legacy applications running and to allow for testing before patches and updates are rolled out. Either way, a discrepancy in updates and patches can result in problems for both sides.

The risks for the employee owner

  • This limits the use of the device outside the company. The employee has to be more vigilant than they might be if he didn’t use the device for company matters. For example, browsing in a coffee shop on an open network might be prohibited, or at least dangerous, on that device.
  • Who is to blame in case of leaks? Pointing the finger for who is to blame, or fearing the repercussions, can ruin a healthy work relationship. Employees might be more liable if they used a BYOD device instead of a work-issued one.
  • There might be discrepancy in patching and updates. The employee may have to wait before he patches or updates his Operating System or applications that are used in the workplace. This leaves his work and personal data vulnerable.

Mitigating the risks

To limit the downside and keep possible damage to a minimum, it helps to:

  • Have a clear policy and rules to enforce it. A well thought out policy about BYOD allows you to set rules that everyone understands—not only understand what the rules prescribe, but also why they are needed.
  • Have an active mobile device management solution. Even if there are no mobile devices owned by the company itself, there needs to be mobile device management to keep the company-controlled data and applications separated from the private ones.
  • Use strong authentication and encryption methods. A suitable method of strong authentication enables you to shut out the owners of stolen devices and terminated accounts. Encryption can also keep your communications and data safe from prying eyes.

Allowing your staff to BYOD has mutual benefits, but we recommend taking some precautions if you don’t want the downside to outweigh the good. Being aware of the potential dangers is important, but only a small part of what needs to be done. Securing personal devices at the workplace and securing workplace devices at home is equally important, as well as creating and implementing a strong cybersecurity policy that covers this type of flexibility. Take these steps and you can better enjoy a less cumbersome, more fluid work environment.

RELATED ARTICLES

Giant Tiger logo
News | Personal

Giant Tiger breach sees 2.8 million records leaked

April 16, 2024 - A threat actor claims to be in possession of 2.8 million records originating from a hack at Canadian retail chain Giant Tiger

CONTINUE READING 0 Comments
week in security
News

A week in security (April 8 – April 14)

April 15, 2024 - A list of topics we covered in the week of April 8 to April 14 of 2024

CONTINUE READING 0 Comments
change social security number
News

How to change your Social Security Number

April 12, 2024 - Wondering whether changing your SSN is an option. Read here what you need to qualify for a new SSN and what you need to get one.

CONTINUE READING 0 Comments
mercenary spyware alert
News | Privacy

Apple warns people of mercenary attacks via threat notification system

April 11, 2024 - Apple has sent alerts to people in 92 nations to say it's detected that they may have been a victim of a mercenary attack.

CONTINUE READING 0 Comments
A 13-year-old girl is using her smartphone in the dark room. The content she is browsing projects in front of her.
Cybercrime | Personal

How to protect yourself from online harassment

April 10, 2024 - Don't wait for an online harassment campaign to unfairly target you or a loved one. Take these proactive steps today to stay safe.

CONTINUE READING 0 Comments

ABOUT THE AUTHOR

Pieter Arntz

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.

Contributors icon

Contributors

Threat Center icon

Threat Center

Podcasts icon

Podcast

Glossary icon

Glossary

Scams icon

Scams