What Are the Risks of Having a Bring Your Own Device Policy?

According to Tech Pro Research, just under three-quarters of organizations in the US have a Bring Your Own Device (BYOD) policy or plan to implement one in the future. There is little doubt, then, that BYOD is not just a trend but the new norm in the modern workplace. But as it continues to expand, so does the need for businesses to ensure they’re properly protecting their data.

Allowing employees to use personal devices for work introduces important security challenges. By far, the biggest challenge lies in striking the balance between employee privacy and control over corporate data. With that in mind, here are some of the key security implications of having a BYOD policy:

Lost or Stolen Devices

Due to their highly portable nature, devices like smartphones and tablets get lost or stolen all the time. However, far worse than losing the value of the device is an unauthorized user accessing your corporate information. With devices owned by the company, you have complete control over which data is stored on the device, and you’ll usually be able to remotely wipe it as soon as a device is reported missing.

With employee-owned devices, there’s the added factor of data ownership. Although many BYOD policies feature a remote-wipe clause, remote wiping is not a bulletproof method, since it depends on employees reporting the missing or stolen device as soon as possible. A far better approach is to avoid having any corporate data on the device in the first place by using cloud-based apps and storage.

Employees Leaving the Company

When an employee leaves the company, particularly if they do so abruptly and on bad terms, there’s a good chance that you won’t have the opportunity to wipe the device and remove any security and access tokens. That’s why a poorly implemented BYOD strategy can allow former staff to get unauthorized access to your systems even after they’re no longer your employees.

Concerns about employees who have resigned taking confidential information with them can easily be solved by including a mandatory exit strategy that allows you to remotely wipe any corporate data from the device. This exit strategy will also apply if an employee violates the terms and conditions of your BYOD policy. Finally, you should also give employees a way to disenroll from the program voluntarily.

Access to Unsecured WiFi

Easily one of the greatest benefits of implementing a BYOD policy is that it allows your business to increase workforce mobility without having to supply a huge fleet of company-owned devices. Unfortunately, the convenience comes at the price of having relatively little control over how your staff use their devices and which networks they connect to.

Since employees will spend most of their time connected to home networks or public wireless networks, any unencrypted data in transit between the device and the local router will be at risk of landing in the hands of hackers. However, if you require staff to connect to the internet through a VPN, they’ll be able to use any network safely whenever they want to access your business systems.

Vulnerable Apps and Devices

The mobile market might be broadly divided into Android and iOS-powered devices, but that’s a very broad generalization. In fact, the vast number of different operating system versions, manufacturers, and models is what makes implementing a BYOD policy especially challenging.

Blacklisting certain apps and devices known to have security vulnerabilities is an essential part of any BYOD strategy. As a starting point, you’ll want to exclude any jailbroken or rooted devices since they’re more likely to have serious security vulnerabilities. You’ll also want to exclude outdated devices that no longer receive security updates.

Total Tech Team helps companies maximize their investment in IT with the services and expertise needed for growth and future success. Call us today to find out more.