BYOD - How to lessen the risks of your team using their personal devices for work
Posted 6th November 2020
When the sudden lockdown hit in March, a sensible option for many businesses was to enable their staff to work from home using their personal devices. BYOD or Bring Your Own Device has become increasingly popular over recent years as the outlay of buying devices for staff members to use remotely has been mitigated by the ability to install apps on phones, tablets, and computers. However, utilising BYOD without having appropriate security settings and policies in place can place the cybersecurity of a business at risk.
While it may seem like a convenient and money saving measure to have access to company data readily available at team member’s fingertips, businesses need to remember that increasing access also increases the number of endpoints that they need to manage. It is also worth bearing in mind that any company data loss from an employee’s personal device is the company’s responsibility, not the employee’s. So, if information is lost or access to company files is compromised through a remote worker’s poor safety practices, your business will be liable. Additionally, staff are less likely to have the rigorous security compliance processes than you would expect within your own, inhouse network. In the simplest terms, an infected app on a phone or tablet could lead to massive gaps in your security. Added to this are insecure passwords, other family members using devices, and the potential that a phone or laptop could be mislaid.
How to lessen the risks of BYOD
Create a BYOD policy
LP Networks advise all our clients who operate BYOD to have a comprehensive policy that covers the impact that using personal devices can have on the security of their business. Within this you should include a policy on using unsecured WiFi networks, the rights and responsibilities of the staff member accessing company files on their own device, minimum security levels for devices (for example implementing finger print and face recognition to access data), and information on when and how you will audit endpoints and devices (for example you may request that personal devices undergo a regular health check).
Educate and inform your team
We always argue that your team is your first line of defence against cyberattacks and data loss. So, it makes sense to ensure that any team members using their own devices for work are cyber security conscious. With 80% of cyberattacks and breaches caused by fraudulent emails and redirects to fraudulent websites, ensuring your staff are aware of potential dangers is vital.
Check who has user privileges
When team members leave and move on to other employment you should remember to check whether they have been able to access your network from their own devices. If they have, make sure that those privileges are rescinded.
Introduce encryption to any data transfers
Using encryption can significantly reduce the likelihood that the data on a device can be intercepted. Ensuring that all of your team have encryption active on their devices goes some of the way to keeping your data safe.
If you are worried that you have introduced BYOD without putting the proper safety measures in place, or want to gain a Cyber Essentials Accreditation, get in touch with the team at LP Networks for a chat.