Flexibility in the workplace can be a beautiful thing, but companies should carefully weigh the security risks associated with allowing "Bring Your Own Device." In addition, employees should be fully aware of the potential ramifications. For example, there are stories of individuals losing their personal photos because a mobile device had to be wiped due to a security concern with the company. On the other hand, if companies put too many restrictions on the employee's use of their own devices for work, then they lose the benefits that made it appealing in the first place.
You may recall, a laptop containing work-related private and sensitive information being stolen from a West Virginia healthcare provider back in 2017. As a result, forty-three thousand patients had to be notified of a potential breach. Stories like these are not good for the bottom line. Companies need to see exactly where their private information is being accessed. Before you allow employees to bring their own device for work, here are some benefits and ramifications to think about.
Benefits
Employees are familiar with their own devices and therefore may work more productively. Having devices that are mobile is convenient for remote working and allows for increased flexibility. Increased flexibility can lead to higher employee satisfaction at work. If your company is not purchasing separate devices for work-use only, then your business can save money by allowing employees to use their own devices.
Ramifications
Company data transmitted and stored on personal devices is more difficult for the IT department to track. If your employee uses public Wi-Fi then there's a risk of public attacks or eavesdropping. For example, are they using the Wi-Fi at hotels and airports? IT departments can monitor internet usage on the devices. However, if they do, your employees may feel their privacy is being invaded. Does your IT department see their location at all times? Can you see all of their social media activity?
Also, think about the risks of third party usage. Do friends and family use the same device at times? The employee might be using devices with compromised integrity or malicious applications. Even more, the employee might have jail-broken applications, which affects the security of their device. These are just a few security risks to consider when allowing "Bring Your Own Device."
Protect your Company
If "Bring Your Own Device" becomes an acceptable policy for your company, carefully determine security measures and incident response plans. Employers need to be transparent with employees about what is acceptable use. The employees need to know what security measures lie within the realm of their responsibility. Have a clear understanding of what the procedures are for covering device and data loss. Inform employees and have a contract about the monitoring that may take place by various departments. Include a policy stating which devices are acceptable for business use. Plan for when employees leave the company and how to address their insider knowledge.
Some security measures to look into include: black listing applications, white listing applications, offering virtual private network internet usage and using containerization as a solution. Containerization allows the separation of work and personal use on devices and it can protect the information of the company. Finally, if you have remote workers, it is especially important to use multi-factor authentication.
“Bring Your Own Device” is among the top five cybersecurity risks your company will face in 2019. While there is no perfect solution, you can reduce your company’s risk through careful monitoring, development/enforcement of well-crafted policies and engaging in defense-in-depth. Cybersecurity demands a holistic approach that addresses people, processes and technology. Save valuable time and money by teaming up with cybersecurity experts to determine how to best identify and address your cybersecurity needs to improve your overall security posture.