BYOD Risks: How to overcome the risks of employee-owned devices

Are you concerned about BYOD risks? Bring your own device (BYOD) is the practice of allowing employees to use their own technology for company-sanctioned work. BYOD seeped into office culture as mobile phones became more common. Over time, employees started connecting their work email and taking work calls on their mobile devices. Companies struggled to figure out who needed company-issued devices and how to regulate personal devices.  

On the surface, BYOD seems like a win-win situation. Numerous studies have shown that allowing employees to use their own devices at work improves worker morale and productivity. Companies like the perceived cost savings. They don’t have to buy, maintain, and manage employee-owned devices. Employees like the freedom of choosing their own technology and the convenience of only having one device to manage.  

There’s no doubt that BYOD is here to stay. In fact, in our new hybrid / work-at-home era, the use of employee-owned computers, printers, and smartphones has dramatically expanded. And while this arrangement makes sense in many ways, businesses need to be aware of the risks.  

Company vs. employee-owned devices

The risks that come from company-owned devices are also risks for employee-owned devices. The difference is that when you own the equipment, you have more control. Many companies prefer to issue equipment to employees because then the company has more administrative power to enforce compliance with company policy.   

 What are the top BYOD security risks?  

1. Malware and malicious apps 

Working on their own devices, employees may visit insecure sites and download all sorts of information. Unfortunately, some of these downloads may include malware, including computer viruses, spyware, adware, trojans, worms, rootkits, and keyloggers. Malware attacks, and especially ransomware attacks, are on the rise. If these threats get onto employee devices, they may go undetected for quite some time and ultimately infect your company files.  

2. Data security breaches  

A security breach can happen anywhere—from a home network to public Wi-Fi hotspots. Employees may not think about the ramifications of sharing a sensitive file over an insecure network. If you’re not careful about securing sensitive content, hackers could easily get into those files. This puts all of your organization’s confidential information at risk. If the device is lost or stolen, malicious individuals may have easy access into your entire company network.  

3. Sensitive data leaks  

One of the biggest concerns when it comes to BYOD programs is potential data leakage. When employees are using their own devices to access sensitive business information such as financial records, customer lists, intellectual property, etc., you’re vulnerable to having this information exposed.  

If your company has to comply with regulatory requirements like HIPAA, or handles sensitive information like social security numbers, you need to be extra cautious to make sure that any personally identifiable information isn’t accessible by anyone other than authorized personnel.  

4. Data loss 

Whether it’s a lost device, a hardware failure, or a file that wasn’t backed up because it was stored outside of the company network, data loss is a common risk and valid concern.  

How to mitigate BYOD risks 

1. Strong BYOD policies with good ongoing communication 

When it’s the employee’s device, you must find ways to safeguard your organization. At the very least, you need to be clear about your expectations, rights, and responsibilities, preferably in a written BYOD security policy. Clarify who is responsible for maintaining anti-virus software and what happens if the device is lost or stolen. Let them know your expectations for company information being backed up and where it can and cannot be stored.  

And don’t just put this information in a company policy that gets stuck at the bottom of a file drawer. Reinforce the importance of your data security measures on a regular basis.  

2. BYOD security practices and tools  

You know that no matter how solid of a BYOD policy you create or how many times you tell employees they need strong passwords, they may not always follow data security best practices. You can mitigate BYOD risks with security tools that keep work and personal life separate and protect company data.   

Virtualization – Some companies set up virtualized desktops to help employees create a dedicated, secure workspace. The virtual desktop automatically stores all applications and files on shared drives and allows for centralized IT administration, monitoring, and backups.  

VPN – A VPN can protect communications from being intercepted. 

App segregation – Some devices allow you to have one workspace for work and one for personal tasks, which helps to decrease accidental sharing of the wrong information.

Content-level security – Some apps provide content-level security, meaning that even if an unauthorized individual can find a file, they may not be able to open it or read it unless they know the password or have the credentials to decrypt the file.  

Mobile device management (MDM) and endpoint security – If a device is lost or stolen, if you have device-management capabilities, you may be able to remotely wipe the device the next time it connects to the Internet.  

Anti-virus software and firewall protection – Some employers pay for enterprise-grade security tools to manage employee-owned devices.  

3. Monitoring and maintenance procedures  

The challenge with BYOD is that there’s a wide range of devices and use scenarios – between the employee who occasionally checks work email on a personal phone and an employee who is using their laptop every day for company business. How much monitoring you do, and who’s responsible for device maintenance is up to you.  

To start, you’ll want to think through how to handle:

• Routine backups  
• Applying security patches  
• File sharing
• Email and content monitoring
• Malware detection and removal

Embracing employee-owned devices  

While we’ve focused entirely on the risks for employee-owned devices, BYOD also has many advantages. You have less hardware to buy. Employees are happier. Teammates can stay connected as they work from anywhere.  

What are your top challenges when it comes to remote work and managing employee-owned devices? Have you found BYOD solutions that work great for you? 

If you need help, Eclipse Consulting provides technical support and guidance for growing businesses throughout the USA.