The workforce that relies on smartphones, tablets, and laptops is as widespread as the devices themselves. Now, with the pandemic changing the workspace and remote work being a reality for most employees, the use of these devices is on the rise. With working remotely being the way of the foreseeable future, many staff are using their own devices to connect to the internet, complete allocated tasks, or communicate and share data.
Allowing employees to use their personal devices at work or while working remotely can carry its own benefits, but it also comes with risks. More staff members than ever are switching from Facebook and Instagram to their employer’s file-shares on their own devices using home internet networks. This opens up opportunities for data theft, malware infection, and other potentially devastating problems.
One study reported that by 2017, at least 50% of employers would require staff to bring their own devices to work in a bid to keep operational costs low. Add the pandemic to the mix and the rise in remote work, and this number will have skyrocketed. Businesses rely on smart devices to contact their staff during both regular working hours and after hours. Likewise, employees need them to access their company email inboxes and other essential business-related applications. In the current climate, using their own devices simply makes sense. Even if we go back to ‘normal’ in the future or enter a hybrid working model, the logic remains.
How BYOD Policies are Changing the Workplace
BYOD (Bring Your Own Devices) has become an appealing policy to employers wishing to grant employees access to advanced technology without providing them with their own secured, work-specific devices.
Naturally, workers are eager to use their personal devices, where they can manage both personal and work-related processes simultaneously. While working from home, this need is not necessarily as prevalent, but having access to both work and personal information on one device is far more convenient. The 2019 edition of the Intelligent Information Management Benchmark Report revealed some key respondent insights into the BYOD policy in a pre-pandemic world.
According to the report, over 60% of workers use their personal devices as well as personal file-sharing apps to download and share company data. Interestingly, it also revealed that 52% of the businesses surveyed had discouraged or banned their staff’s use of personal devices at work.
It’s clear that BYOD is not an airtight concept when it comes to company data security. On the other hand, allowing staff members to use their own devices has proven to boost their morale and keep productivity levels high. The BYOD policy is cost-effective, popular, and beneficial in some regards, and the practice is certainly going nowhere soon. The best approach for companies who implement a BYOD policy is to understand the risks and safeguard themselves against them to minimize their potential impacts.
These risks don’t end at the office door either, they extend into the remote working world and beyond. Wherever employees use their own devices from, there needs to be security in place to protect the user and the business.
The 7 Biggest Risks of BYOD Policy
Most company systems have many entry points—there lies the primary risk factor involved in the BYOD policy.
If employees don’t download crucial security patches or use secure networks to transfer sensitive files, the results could be catastrophic for their employers.
Your staff members use their personal devices to download a wide variety of images, documents, and files, and they may not always be scrupulous about keeping your company’s data secure and separate from the rest.
If they were to download a file or app containing malware, they may unwittingly pass viruses directly into your company network when they log on.
BYOD policies have made it easier than ever for workers to keep in touch with their employers. But consider this—would your staff members be able to keep your company data secure if they were to send you an important file over an unsecured Wi-Fi network?
Hackers can easily access this data and use it to gain access to critical company systems this way. Allowing your employees to use their personal devices rather than providing them with secured ones can provide the perfect environment for cybercriminal activities. In the age of remote work, this is even more of a necessity, as home-based internet connections don’t tend to be very secure.
Data leaks can irrevocably damage a company’s reputation. Security breaches through employees’ devices are particularly concerning to customers and business partners alike, who may enact legal proceedings against you if any of their data is in jeopardy.
Companies hit with legal charges must spend their own precious capital defending themselves and their reputation. They may also face legal fines from federal, state, or local watchdogs if these entities find that the companies in question did not act proactively to keep their staff’s devices secure.
Insufficient Staff Training
The margin of human error can lead to security breaches, even when committed by the most diligent of employees. Staff members may not be fully aware of their employer’s device security requirements.
Ideally, workers should have access to regular hands-on training sessions, either in person or online, instead of simply having to sign a document stating that they understand their employer’s policies. If you don’t properly train your staff in securing their devices, they may make simple errors that could cost your company its most critical data.
Shadow IT Risks
Shadow IT refers to information technology that’s managed outside of a company’s IT department, usually without their prior consent or knowledge. Employees who purchase and use consumer-level products can unintentionally leave the company they work for open to data breaches.
Studies show that 96% of American respondents surveyed view employee negligence, including the use of unsecured products or removable storage media infected with malware, as a primary contributor to their systems’ security issues.
Theft or Loss of Devices
Employees who have not followed company security protocols and suffer loss or theft of their personal devices can cause massive challenges for their employers. This is especially true for workers who didn’t have secure passwords for their company system accounts, or who store easy passwords on their devices for quick access.
Even workers who do follow security protocols are not exempt from risk. Modern hackers use advanced technology to crack complex passwords, replicate biometric identifiers, and infiltrate company systems.
Unscrupulous Data Management
Companies with BYOD policies need to ensure that their former employees no longer have access to company applications and data through their personal devices. If such a breach occurs, they need to have protocols in place to track down offending devices and correct the issue as soon as possible.
The Bottom Line
Slack BYOD policies can put companies at risk—even more so now that so many employees are working from home. Fortunately, this risk is mostly avoidable. You can take several precautions to keep your employees’ personal laptops and mobile devices secure, and your own data safe.
These include conducting regular BYOD policy audits, taking note of each and every staff device that accesses your network both onsite and remotely, and thoroughly testing your BYOD policies before implementing them business-wide. It’s always advisable to be aware and prepared so that you can prevent your business’s data from being compromised by the variety of threats that exist in the workplace, and now in the work from home environment too.
The original version of this article was first published on Future of Work.