As common as watercooler chit-chat, PowerPoint presentations and casual Fridays, BYOD (Bring Your Own Device) has been adopted by an increasing number of businesses both big and small over the past few years. In today’s tech-savvy age, allowing employees to carry out duties using their own laptops, tablets and smartphones certainly makes sense, affording greater freedom and flexibility than in other roles.
However, connecting such personal electronic devices to an organisation’s private networks may leave your business open to a plethora of cybersecurity threats. So, while BYOD can undoubtedly be a sign of a business evolving with the times, it’s not without its challenges.
If your office allows BYOD or is thinking about employing it, then it’s imperative that you have the appropriate measures in place in the event of attacks and hacks. Here, we’ll go through a variety of tips you can use to ensure that those using their own devices at work are as safe and secure as possible.
What are the benefits of BYOD?
Before we focus on improving your cybersecurity with regards to BYOD, we’ll have a brief look at the benefits of the concept, showing why it’s a practice that’s becoming increasingly commonplace in businesses of all kinds.
- Cost savings: If your business is in the habit of replacing its hardware every few years, then allowing employees to bring their own devices into the workplace can cut down on the associated costs. When the majority of the costs in this area are being paid for by the employees, then a company stands to save a lot of money.
- Increased employee satisfaction: Your employees will likely be more familiar with their own devices, allowing them to work in a way that suits them more readily. Additionally, they’ll avoid getting bogged down in the technical issues of corporate devices.
- Greater productivity: Through the increased use of BYOD, staff can take their devices and technology with them wherever they go, opening up the chance for remote and flexible working. The opportunity for employees to work comfortably where they want can have a positive effect on productivity over time.
- Improved engagement: With the software and hardware available to use after hours, you may even see employees working on projects and tasks beyond the core 9-5 of the office.
What are the risks of BYOD?
Obviously, BYOD brings with it certain risks and challenges, which has led some companies to avoid allowing the practice altogether. Despite the benefits, resistance towards BYOD certainly makes sense for businesses that are keen to play it safe when it comes to cybersecurity.
If you’re planning on putting a policy of BYOD in place, then consider the following key risks:
- Potential data loss: How much critical or sensitive data on your network do you want to be accessed by employees using their own devices? You’ll have to think about reducing the exposure of such data.
- Application control: Which applications will your team be using, and how often will they need updating? Application updates contain key security fixes that can help keep devices protected from cybercriminals.
- Local labour laws: Certain local and international labour laws may prevent people from working more than their contracted hours. If BYOD sees a rise in employees working in addition to core hours, these laws could cause problems.
- Privacy issues: Tools that are used by IT to manage BYOD devices could track location, causing potential privacy issues in some countries.
- Regulatory requirements: If you’re operating within a specific industry, then you’ll need to consider some of the stricter compliance mandates about how data can be protected, especially now that GDPR is in effect.
- Data recovery: The appropriate measures on how to store and wipe data on employees’ personal devices should be made clear throughout the business.
- Lost or stolen devices: End-user training should be implemented to deal with any issues that arise due to lost or stolen devices.
How can you and your employees stay safe?
- Keep employees aware of best practice
A policy of best practice that dictates how to properly use devices with regards to data security is certainly key. Train your staff on how to use their devices safely and how to avoid the traps and pesky tricks used by scammers, hackers and cyber-criminals. Let them know what to do if their device is lost or stolen (more on this later), and include guidelines for what is and is not acceptable work-related use of privately-owned devices.
- Ensure mobile device management on all devices
With BYOD, the lines between company security and employee privacy become somewhat blurred. It may be worth having all employees use mobile device management (MDM) technology on all devices that access the internet. Not only does this keep company data and employee information distinct from one another, it also provides your organisation with the ability to remotely access and remove any corporate data on said phones.
- Set password guidelines
All employees should be required to follow password protocols when on the network. Otherwise, you leave yourself open to criminal activity from hackers. These guidelines should include things like requiring users to change their passwords every three months and disallowing the reuse of previous passwords. You can even require passwords to be re-entered after five to 15 minutes of inactivity and lock users out after three or five incorrect logins from a mobile device, further strengthening your protection.
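A sketch of how these guidelines can be enforced in code, added here as an illustration and not taken from any particular product. The `Account` class and its method names are hypothetical, three months is taken as 90 days, and the thresholds use the 15-minute and three-attempt values from the ranges above.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta

MAX_PASSWORD_AGE = timedelta(days=90)   # "every three months", assumed to mean 90 days
IDLE_TIMEOUT = timedelta(minutes=15)    # upper end of the five-to-15-minute range
MAX_FAILED_LOGINS = 3                   # the guideline allows three or five

def _digest(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so the stored history never contains plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:  # hypothetical class for this example
    def __init__(self, password: str, now: datetime):
        self.history = []               # (salt, digest) of every password ever set
        self.failed, self.locked = 0, False
        self.last_activity = now
        self._store(password, now)

    def _store(self, password: str, now: datetime) -> None:
        salt = os.urandom(16)
        self.history.append((salt, _digest(password, salt)))
        self.changed_at = now

    def _matches(self, password: str, entry) -> bool:
        salt, digest = entry
        return hmac.compare_digest(_digest(password, salt), digest)

    def change_password(self, new: str, now: datetime) -> str:
        # Reuse check: compare the candidate against every previous password.
        if any(self._matches(new, e) for e in self.history):
            return "rejected: reuse"
        self._store(new, now)
        return "ok"

    def login(self, password: str, now: datetime) -> str:
        if self.locked:                 # no automatic unlock in this sketch
            return "locked"
        if not self._matches(password, self.history[-1]):
            self.failed += 1
            self.locked = self.failed >= MAX_FAILED_LOGINS
            return "locked" if self.locked else "denied"
        self.failed, self.last_activity = 0, now
        if now - self.changed_at > MAX_PASSWORD_AGE:
            return "change required"    # password is older than three months
        return "ok"

    def needs_reauth(self, now: datetime) -> bool:
        # True once the session has been idle longer than the timeout.
        return now - self.last_activity > IDLE_TIMEOUT
```

Timestamps are passed in explicitly so the expiry, idle and lockout rules can be exercised without waiting on a real clock.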
- Set parameters for data access
Before you move on with your BYOD policy, decide who in your business should have access to company files and applications, what information they should be allowed to access and from what devices.
By restricting access and only allowing individual employees to access data that’s relevant to them, you can minimise the threat of, or damage caused by, a security breach. The more information an employee has access to, the greater the potential for harm done to a business through hacks. To further improve things, make use of encryption technology and put in place procedures that enable data to be wiped remotely.
- Use two-factor authentication for mobile network access
Since passwords can also be stolen, many companies use a two-factor authentication process for employees so they can access the network remotely. These require employees to provide two different pieces of information to confirm their identity. Most systems use a strong password as the first factor, while the second factor can be a few different things, including an SMS code, hardware confirmation or biometric access.
- Use endpoint protection
The appropriate endpoint protection technology, such as antivirus and antimalware, protects you against breaches and malware. Endpoint protection works by scanning a given device, ensuring it’s free of malware and viruses before the user gains access to the network. This prevents viruses and malware from entering the network through a corrupted mobile device.
- Lost and stolen devices should be reported immediately
In the event of lost or stolen devices, employees should notify IT as soon as possible. Once reported, IT should terminate the device’s access to the network, as well as any apps that can access company data. IT can also remotely wipe company data from the phone if needed.
- Have a process in place for departing employees
Since the devices belong to employees, they can’t exactly hand things over on their final day in the office. This is why you need to prepare procedures that terminate the departing employee’s access to the company network, business email accounts and other software programs and files.
CDL is one of the UK’s leading IT disposal companies, working alongside big-name businesses in a range of industries. To find out how we could help your business, or for more of the latest tech news and advice, visit our homepage or call our team today on 0333 060 2846.