Why You Must Consider the Security Risks of BYOD

Written by

Less than 30% of firms expecting their workforce to be fully in person over the next five years, according to research by the British Chambers of Commerce. Therefore, many enterprise technology purchasing decisions are, naturally, being made with hybrid or remote work in mind.

Many businesses I speak to have reduced the number of in-office PC’s they have available, and most of their workforce are bringing their laptop or device into the office each day. These devices need to be lightweight enough to be carried on the commute, but also powerful enough to replace a fully-fledged, tower PC, and secure enough to keep business and customer data protected.

This latter point on security is paramount. We’re seeing continued evolutions in how the enterprise security landscape is changing in response to hybrid and remote work becoming the new norm for many.

Quishing, phishing or vishing attacks, for example, are all increasingly directed towards enterprise users and see bad actors use phone calls, emails or voice messages to trick device users into revealing sensitive information. Regardless of where and when they’re being used, devices must have the in-built and ongoing security to keep enterprise data and infrastructure safe.

Sometimes, all these requirements necessitate a refreshed device portfolio, which can be a significant investment. As a result, a minority of enterprises have opted to keep existing in-office PC’s and allow employees to access company emails and cloud-based file systems from home on their personal devices – also known as Bring Your Own Device (BYOD).  

Weigh up the Costs of BYOD Risks

It’s understandable why some businesses opt for a BYOD policy – sometimes employees prefer a certain OS or software suite and feel that they’re more productive on a personal device. It’s also significantly cheaper in terms of upfront costs for a business to not invest in enterprise devices or software.

However, BYOD policies present significant security concerns, meaning they’re very rarely suitable in an enterprise environment. Personal devices may not have the same level of protection as corporate devices, such as antivirus software, firewalls, encryption or VPNs.

Personal devices may also be more vulnerable to unauthorized access by family members or friends. Additionally, personal devices may store both personal and work-related data, which can create privacy and compliance issues.

What’s more, while BYOD policies may initially seem cost-effective, it's crucial to consider the potential costs incurred by the increased risks associated with such policies. Investing in a suite of devices that are maintained, managed and kept secure can lead to reduced costs over time, as it mitigates the security threats inherent in BYOD environments.

Furthermore, it's worth noting that some employees might prefer BYOD because it allows them to use their preferred devices, which they find more efficient and enjoyable to work with compared to company-provided options that may be perceived as slow or cumbersome.

This preference underscores the importance of investing in quality devices that employees want to use, as employee satisfaction with their devices is a key tactic in maintaining a secure enterprise environment.

A further factor that employers must consider is the legal and regulatory implications of BYOD policies. These policies may expose employers to various risks and challenges, such as data breaches or losses caused by employee negligence or malicious actions.

In conclusion, BYOD policies may seem attractive for both employees and employers, but they also carry significant risks. Before adopting or rejecting a BYOD policy, employers must carefully evaluate the pros and cons of BYOD and the impact on their business objectives and risks.

Overall, the aim should always be to minimize the reliance on BYOD setups by offering devices that meet the security and performance needs of the workforce right from the start.

What’s hot on Infosecurity Magazine?