Blog

Bring Your Own Device Security

Written by Waits Sharpe | Jun 7, 2023 6:37:09 PM

The "bring your own device" or BYOD work model has become increasingly popular over the last several years. It has become much easier for employees to use their own mobile devices, laptops, or tablets to do their work in the office and on the go. While not entirely synonymous with "working from home", BYOD presents many of the same risks and benefits to an organization. Read further to learn more about how BYOD may impact your organization.

What is BYOD?

BYOD or "bring your own device" is pretty much exactly what it sounds like. Many organizations have begun to allow workers to use their own laptops, mobile devices, and tablets to accomplish their tasks at work. In fact, according to Zippia,75% of employees use their personal cell phones for work while 83% of companies have some form of BYOD policy implemented.

BYOD doesn't just apply to in-office workers either. When working remote, many employees prefer to use their own laptops or PC's to accomplish tasks and conduct business. This is due to the fact that individuals are more comfortable working with technology they know and are familiar with. They may also feel less restricted when using personal devices, whether that be for good or ill. The important thing is that, whether or not organization like it, BYOD isn't going anywhere. To ensure the security of your organizations data, it is integral that BYOD security is taken seriously.

Benefits of BYOD

BYOD offers a host of benefits for organizations that implement this model in their workplace. For starters, BYOD workers are more efficient, and productive when using their own personal devices. On average, employees work 2 extra hours per day. BYOD lets individuals open up their schedule beyond the usual 9-5 work day. They are given more flexibility in choosing when they check emails, read reports, or set up meetings.

BYOD also boosts company morale due to the fact that employees feel more comfortable working on devices they are familiar with, in an environment they are comfortable in. Personal laptops and phones are often faster and more stable than work computers as well. Organization can also save money when employees are allowed to bring their own devices. In the past, companies had to pay for the laptops, and hardware that employees use everyday. With BYOD, the employee purchases the hardware.

Personal devices also make the hybrid work model easier for employees. Instead of having to switch between their personal laptop at home and their desktop in the office, they can do their work on a centralized device they can bring wherever.

Security Risks With BYOD

However, BYOD doesn't come without risks. Many of the same threats that employees may run into on a work computer are present on their personal devices. The difference is that when working from home, or on their own devices your workers may not have the same security precautions implemented as they would on a company desktop, or VDI. This means that BYOD workers are facing the exact same risk, with no meaningful protection. Employees may also decide to work from coffee shops or libraries, meaning that they will connect to public networks and potentially access private resources. This opens your business up to man-in-the-middle attacks, and other data exfiltration tactics.

If your employees work from home, there is no guarantee that a family member won't open up their home network to bad actors, or download malware that spreads to your employees devices. Phishing emails may also pose a greater threat to employees working from personal devices. A malicious email that would've been blocked in the office may land in an employees inbox while working from their iPad. Overall, there is a lack of visibility on the organizations side in regards to how their resources or being used and who has access to them.

What Can Your Business Do?

How can business take advantage of the many benefits that come with BYOD while also reducing risk? Per usual, some of the most helpful steps also happen to be the most practical.

Making sure your employees are up to date on their security awareness training is crucial to educating users about the risks of social engineering. Humans are the number one cause of data breaches and knowing how to respond to a phishing email can save your organization. Educate your workers on what a phishing email looks like, how to respond, and who to contact if they fall for one.

Have your workers use a VPN when connecting to public networks to ensure that while browsing they are protected from prying eyes. A VPN obscures your network traffic and IP address so that attackers are unable to intercept potentiality private information. Additionally, having employees connect to your organizations network via a VDI secures your workers as if they were in the office. By connecting to a virtual machine, employees can have the protection of a firewall, email filter, and other network security protocols while working from their personal device.

Another way to ensure BYOD security is to make sure that your workers are practicing good password hygiene and implementing MFA on all of their applications. Your password is your first line of defense against attackers and the most common mistake users make is choosing weak, repeating, and personal passwords that can be brute forced in a matter of seconds. You should also require MFA be implemented on every application your employees use to conduct business. In the event that login credentials are stolen, MFA provides an extra layer of defense.

Contact CorpInfoTech today to create and implement a security plan for your remote or BYOD workers!

CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.