Once upon a time, Bring Your Own Device (BYOD) was seen as mutually beneficial. An employer could save substantial costs by eliminating the need for new hardware investment, while the employee didn’t have to juggle devices and could stick with what was familiar and comfortable.
However, there is a pretty significant drawback that could upend the undeniable usefulness of BYOD if it isn’t addressed: the inherent insecurity that the business needs to contend with.
Let’s explore some of the security ramifications that insecure BYOD brings…as well as how they can be addressed.
Securing What Isn’t Yours
Obviously, if you’ve provided your team with devices, you have total control over them. You have the inherent ability to force updates, require encryption, and ban jailbreaking. Meanwhile, BYOD doesn’t offer this kind of flexibility.
You can’t exactly hold an employee hostage until they update their phone, even though an unpatched phone is a magnet for threats. That’s before we even consider all the third-party apps we all fill our phones with, many of which could potentially scrape our data. Imagine the damage these could do if hosted on the device we use to access sensitive emails, data, and other key information.
Now, imagine what happens if there’s worry that a device has been compromised. The owner of the device in question may not take kindly to their device being locked down… and that’s assuming they weren’t already concerned about the privacy of their personal data. In cases like these, it can be tempting to compromise in your security policies to keep everyone happy.
However, by doing so, you wind up with a policy that ultimately fails to protect your business, clients, or end users… an utter failure. This is why you need to be firm and communicative about a BYOD policy and what will be required of any device enrolled in such.
Losing a Key Player (And All the Data They Had)
Let’s say that your highest-performing sales representative leaves your business. A few weeks later, you learn that they have found a position at one of your competitors.
With any luck, they didn’t keep any of your data to gain a leg up while applying for the new job.
This is unfortunately common, as it is too easy for an employee using a personal device for work to leave with business data on their device, whether at the end of the workday or the end of their career at a company. You can conduct a remote wipe, but if data hasn’t been properly synced, some could survive… and that’s assuming you’re willing to risk a potential, expensive lawsuit. At that point, you may as well have just invested in company-owned devices in the first place.
Human Error is a Present Threat
So far, most of the issues we’ve discussed have had some intent behind them. It is actually far more common for simple mistakes to create security risks, especially when BYOD is in play.
Sensitive information could easily be copied from a professional account and pasted into a personal one, totally inadvertently. A toddler playing with their mother’s phone could feasibly accomplish as much, potentially sharing it with one of Mom’s contacts. That’s still considered a data breach.
It is critical that such circumstances are avoided for your business’ continued survival. Fortunately, there are tools to help you avoid them.
Many of the inherent risks of BYOD are mitigated through the use of mobile device management tools. Using these gives you the ability to enforce policies on a user’s personal device that firmly separate personal and professional data… plus, should a user leave the company, all professional data can be remotely wiped and removed from their possession.
We can help you implement the protections that make BYOD a worthwhile option. Reach out to us at (270) 282-4926 to learn more.
Comments