A BYOD policy (bring-your-own-device) is increasingly common in business, especially with everyone working from home during the pandemic. The shutdown caught most companies by surprise, so the only option for keeping some semblance of normalcy involved shifting work from a shared office, with secure company devices, to satellite campuses in the homes of all your essential workers.
In addition, having workers use their own devices, even once they’re back at the office, has many advantages. For instance, it’s cheaper for you because employees use their own laptops and mobile devices, which means you don’t need to provide these devices for everybody. I mean, think about it. If the average computer costs $1000, which is a pretty realistic average for the type of hardware necessary for most business operations, a team of 30 means an outlay of $30,000 for computers.
More important, these cost savings occur without pissing off your employees. In fact, employees are often happier and more productive when using their own device because they’re more comfortable with the keyboard layout and feel, as well as other features of the device. Having employees use their own devices also reduces frustration, especially when an employee’s job may require the use of multiple devices. By having employees use their own devices, they don’t have to worry about where data and documents are stored, remember passwords to both company and personal websites, and have a single browsing history that makes it easier to find search results later.
Using a personal device for work saves employees 58 minutes each day, which results in a 34% increase in work productivity. Over half of all employees feel more productive when they use their personal devices for work. Hardware upgrades are also easier for employees who are using their own technology [source].
Employees bring devices to work. Even if they use company-owned computers, they likely bring their tablets, smartphones, and other mobile devices, which they promptly connect to your company server, representing the same threat to your systems as if they used their own computers. Defense contractors and government agencies may get away for requiring such mobile devices to remain outside the building and never connect to your computer system, but most private companies would face a rebellion if they tried to institute such policies.
Hence, companies face BYOD even if it’s not company-sanctioned and security is a much bigger problem with BYOD. That’s because personal devices don’t necessarily possess the same level of security as devices the company controls, such as firewalls, VPNs (virtual private networks), and personal devices may log in to your secure business network after becoming infected by sloppy practices off-campus, such as using a shared WIFI connection that transfer viruses or other malware to the company server. That’s why you need a strong BYOD policy and strong enforcement.
When everyone uses a work computer, you ensure the right security measures are installed, but you don’t have that guarantee when everyone uses their own personal device. However, as long as you take these steps to create a BYOD policy, you ensure that your data is safe and secure.
Make passwords compulsory
Even though passwords are the most basic security measure, some people still don’t use them on their personal devices, especially smartphones. If the person normally keeps the device at home or in their car and ensures the device is secure, that person may not worry about the device falling into the wrong hands, so they don’t think they need a password.
That’s fine for them, but what happens when employees bring that device to your workplace and log into your secure network? Or if they take their laptop to and from work and store sensitive company information on the device? If you allow remote login to your network, even if the employees don’t bring the device on campus, it represents a vulnerability. They need a password, preferably a strong password that changes frequently to protect you from whatever bad habits they get into with their personal devices.
Part of your BYOD policy must include requirements for passwords on any device entering your campus. Similarly, teach employees how to set a strong password and check that all devices are password protected before they are used for work.
Provide security software
The best way to ensure that every device is safe is to provide security software and require all employees to install it on their device before they use them for work or while logged into your network from anywhere. And, ensure they always have the most recently updated software of these devices.
You reduce security risks with mobile device management systems that allow you to connect to all devices from a central management console and push out software updates. This ensures all devices are fully up to date with the latest security software.
Identify and disallow blacklisted applications
Your employees are going to use their devices for personal purposes. After all, the device belongs to them and they have every right to use it as they see fit.
That’s why it’s important to create a blacklist of applications they cannot install on any device that is used for work or brought into your building. Certain applications, like file-sharing programs, for example, pose a security risk, so they should not be used on devices at work. You can use a mobile device management system to block this type of application on all devices, so add that to your BYOD policy and ensure employees follow the rules.
Restrict data access
If you reduce the number of devices with access to sensitive data, you reduce the chance of a data breach in a big way. That’s why it’s important that you restrict data access to those who actually need it for a legitimate job function. For example, your marketing department needs access to customer data so they can run data-focused marketing campaigns, but the sales team doesn’t necessarily need all of that data, so their access should cover only customers in their territory.
You NEVER want employees to store data or other information on their personal devices, even with a strong BYOD policy. The chance of theft, loss, or damage to the device means losing your proprietary information, as well as leaving it open for whoever acquires the device.
Again, a mobile device management system monitors exactly who accesses data and for what reason, so you can the flow of data is controlled and you don’t leave your company open to unnecessarily risk data loss.
A BYOD policy benefits your business in a number of ways, so it’s important that you put these important security measures in place.