The world of work has changed dramatically in recent years. Now, 75% of all employees use their personal cell phones for work-related tasks.
The bring your own device (BYOD) movement is one of those unaccounted-for features of a society whose technology is moving faster than common sense can keep up with.
In this blog we’re going to break down the 10 most dangerous and common security risks of BYOD as it relates to businesses, and what you can do to mitigate the risk they pose to your bottom line.
What is Bring Your Own Device (BYOD) and Why has it Become so Popular?
First, let’s address the elephant in the room: what exactly is BYOD?
Also known as “Bring Your Own Technology,” BYOD refers to the policy of allowing employees to use their own personal electronic devices for work purposes—including but not limited to phones, laptops, and/or tablets.
This trend has become popular with businesses for a few reasons: it saves them money on purchasing devices for employees, increases employee satisfaction and productivity by allowing workers to use their preferred device, and potentially streamlines communication amongst team members.
Some Real-World Examples of Bring Your Own Device to Work Security Issues
As with any new technology trend, there are potential downsides to be aware of.
Let’s briefly discuss some recent real-world examples of the security risks posed by the BYOD movement:
1. In 2014, hackers were able to access sensitive personal information (including Social Security Numbers) of 4 million current and former government employees through a weakly secured mobile device belonging to an employee of the Office of Personnel Management (OPM).
2. In 2018, CIBC suffered a security breach when one of their employees fell victim to a phishing scam on their personal device, giving hackers access to sensitive client information. The bank was forced to pay $1.7 million in penalties and implement new cybersecurity measures as part of a settlement with Canada’s privacy commissioner.
3. In 2017, Deloitte, a global consulting firm, experienced a data breach affecting their email system and potentially compromising sensitive information belonging to clients—including major companies like the US Department of Defense, as well as Hollywood power players like Disney and Netflix. This security breach was attributed to an administrator’s account being accessed via an external source using an unprotected device.
The 10 Most Common Security Risks of BYOD and What Business Owners Can Do to Prepare for Them
Now let’s dive into the top 10 BYOD security risks and how they affect businesses:
1. Weak Passwords
It may seem obvious, but all too often personal devices used for work purposes lack strong passwords or even basic password protection measures such as screen lock codes.
If they’re lost or stolen, devices become vulnerable to unauthorized access by hackers and potentially expose sensitive company information. Instituting mandatory password protection measures for all employee-owned devices is crucial.
2. Unsecured Wi-Fi Networks
If an employee connects to an unsecured public Wi-Fi network using their personal device for work purposes, they may unknowingly be exposing the device (and, in turn, company data) to potential security threats such as malware or man-in-the-middle attacks.
Educating employees on the importance of only connecting to secure Wi-Fi networks—and providing virtual private network (VPN) options on your own corporate network—can help protect against this risk.
3. Outdated Software
Many personal devices used for work purposes may not have the most up-to-date software and security patches, leaving them vulnerable to hacking attempts.
As a business owner, consider providing employees with resources for regularly updating their devices’ software and installing necessary security patches.
4. Unauthorized Apps
Employees may unknowingly download unauthorized apps on their personal devices, some of which may contain malware or spyware that can compromise company data. Implementing a strict policy about only downloading approved apps (such as those receiving approval from a reputable app store)—and conducting regular device audits—can help mitigate this risk.
5. Lack of Remote Wipe Capability
In the event that a personal device used for work purposes is lost or stolen (or when employees leave the company suddenly), having the ability to remotely wipe the device can prevent sensitive company information from falling into the wrong hands.
Consider requiring employees to enable this capability on their devices before using them for work purposes in order to better protect data that could become exposed.
6. Jailbroken or Rooted Devices
Devices that have been “jailbroken” (for iPhones) or “rooted” (for Android phones) allow users to access and modify normally restricted portions of the device’s operating system—potentially leaving them open to security vulnerabilities.
You may want to give serious thought to implementing a policy prohibiting the use of jailbroken or rooted devices for work purposes and conducting regular audits to ensure compliance.
7. BYOD Policies Not Enforced
It’s important for businesses to have clear BYOD policies in place—but these policies are only effective if they’re consistently enforced.
Regularly educate employees on the importance of BYOD security, and enforce compliance with established policies.
8. Lack of Device Encryption
Without device encryption, sensitive company data stored on personal devices may be vulnerable in the event that the device is lost or stolen.
Require employees to encrypt their devices before using them for work purposes, and provide resources for how to do so, or have your in-house IT team perform the task.
Another mobile security solution for this risk is to distribute company-purchased and company-owned mobile devices, and make them the only mobile devices authorized for employee work-related use.
9. Insufficient Employee Training
This ties into enforcing BYOD policies—employees need to be properly trained on how to securely use their personal devices for work purposes in order to effectively mitigate potential security risks.
You may want to provide regular training and education on BYOD risks and issues in order to better protect your sensitive data.
10. Mixing Personal and Work Data
Allowing employees to use their personal devices for work purposes can lead to the mixing of personal and sensitive company data, potentially creating a security risk or data leakage.
As a business owner, consider implementing measures such as virtual desktops or separate user accounts to help keep personal and work data separate.
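The device audits and policy enforcement recommended in risks 1, 3, 4, 5, 6 and 8 above can be automated as a posture check that runs before a personal device is allowed to reach work data. The sketch below is an added example, not code from this article or from any MDM product: the `Device` fields, the minimum OS versions, the approved-app list and the sample inventory are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
# Assumed policy values (not from the article); take them from your own BYOD policy.
MIN_OS = {"ios": (17, 0, 0), "android": (14, 0, 0)}
APPROVED_APPS = {"com.example.mail", "com.example.vpn"}

@dataclass
class Device:  # hypothetical inventory record, not a real MDM schema
    owner: str
    platform: str
    os_version: str
    screen_lock: bool
    encrypted: bool
    remote_wipe: bool
    rooted: bool  # jailbroken (iOS) or rooted (Android)
    apps: set = field(default_factory=set)

def parse_version(text):
    """'17.4' -> (17, 4, 0). Non-numeric parts become 0, so bad data fails the check."""
    parts = [int(p) if p.isdigit() else 0 for p in text.split(".")]
    return tuple((parts + [0, 0, 0])[:3])

def audit(dev):
    """Return the policy violations for one device; an empty list means compliant."""
    minimum = MIN_OS.get(dev.platform.lower())
    outdated = minimum is None or parse_version(dev.os_version) < minimum
    unapproved = sorted(dev.apps - APPROVED_APPS)
    checks = [
        (not dev.screen_lock, "risk 1: no screen lock or passcode"),
        (outdated, f"risk 3: OS {dev.os_version} is unsupported or out of date"),
        (bool(unapproved), "risk 4: unapproved apps " + ", ".join(unapproved)),
        (not dev.remote_wipe, "risk 5: remote wipe not enabled"),
        (dev.rooted, "risk 6: jailbroken or rooted"),
        (not dev.encrypted, "risk 8: storage not encrypted"),
    ]
    return [message for failed, message in checks if failed]

# Constructed sample inventory for illustration.
FLEET = [
    Device("alice", "iOS", "17.4.1", True, True, True, False, {"com.example.mail"}),
    Device("bob", "Android", "12", False, True, False, True, {"com.example.flashlight"}),
]

def blocked(fleet):
    """Map each non-compliant owner to the findings that should block work access."""
    return {d.owner: f for d in fleet if (f := audit(d))}

if __name__ == "__main__":
    for owner, findings in blocked(FLEET).items():
        print(owner, "->", "; ".join(findings))
```

An unknown platform or an unparseable version string is treated as a violation, so a device with missing inventory data is blocked rather than waved through.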
Overcoming the Potential Problems with BYOD with the Help of a Leading Managed Service Provider
Overall, it’s important for businesses to be aware of the potential security risks posed by BYOD and take steps to mitigate them. Implementing and enforcing clear policies, providing employee training and education, and staying up-to-date on software and security measures are key to protecting corporate data security in a BYOD environment.
And here at Yardstick Technologies, our breadth of experience lies in exactly that area. We are practiced experts at managing and protecting end-user devices so as to defend corporate and sensitive customer data from the undesirable online element.
If you’d like to discuss your possible BYOD security needs, please contact us and schedule a free consultation where we can identify your exact needs as a business, together.