It’s 2018, and in today’s age of flexible working, virtual offices and the thoroughly modern business, the ‘Bring Your Own Device’ (BYOD) policy is becoming increasingly popular. This means employees are expected to use their own personal devices – such as mobile phones and laptops – to carry out their workplace duties. For many organizations, implementing a BYOD policy is cost-effective, as it cuts the expense of purchasing devices for all employees, a practice which can prove extremely costly if your workforce is remote. But is this saving worth putting your business at risk?
The weakest link in your business’ security is its endpoint devices. Laptops, mobile phones and other devices house sensitive business data, and are not always secure against attack, especially compared to network-secured desktop devices. A recent study highlighted the extent of this security threat, with 42 percent of surveyed professionals saying their endpoints had been breached.
A survey by Thumbtel recently showed that just over 25 percent of senior managers use their personal mobile phones for work, and almost 80 percent of business owners use the same phone for work and personal reasons. Blurring lines between personal and work devices may make life a little easier for those who struggle to juggle more than one device, but especially considering the EU implementation of GDPR in May 2018, this crossover of work and personal is a threat to your business’ personal data and could even put you at risk of breaching GDPR.
5 Ways BYOD Is a Threat to Your Company
- GDPR Concerns
In this post-GDPR age, sensitive customer data from the EU – and beyond – must be safeguarded by law. Within your BYOD policy, will employees have access to sensitive customer data on their personal device? This may violate GDPR, which can affect your business financially and cause customers to lose trust.
- Security is Outsourced
Personal devices often need updating, and a company’s IT department will not have control over employees updating their devices. Mobile devices such as phones and tablets are most prone to attack, and if these are out of reach of the business’ security team the risk of a breach increases exponentially.
- Cross-Contamination of Data is Likely
With both personal and work data being stored side by side on employee devices, there’s a risk of important and sensitive work data being deleted accidentally, or personal data being shared with the work environment. Likewise, in a Big Brother-style scenario, employers with access to the location and activity on the endpoint device may be privy to sensitive personal data, including the location of their employee, which poses a personal privacy risk.
- Risk of Insecure Use
As the endpoint device is not restricted in location or use, employees could connect to an unsecured public WiFi network, which renders that device vulnerable to attack. Insecure use applies beyond an unsecured network too; employees may allow use of their devices by an external party, inadvertently providing access to confidential corporate data.
- Human Error
Employers can restrict use and impose strict security policies on devices they own, and devices that are connected to a secure network by the organization are much easier to protect. Employee error is a huge risk to companies with a BYOD policy, as employees may lose the device, causing data loss or a breach. They could also make a huge range of other errors, including leaving their devices unlocked in public and lending them to a malicious entity by mistake.
How to Mitigate Security Threats Posed by BYOD
- Implement a stringent BYOD policy that all employees must read and agree to.
- Ensure your BYOD policy firmly outlines how employees are expected to safeguard customer data, or ensure customer data cannot be transferred to insecure endpoint devices.
- Practise secure data erasure across all endpoint devices to reduce the surface area vulnerable to attack.
- Use endpoint security/MDM solutions such as MobileIron to secure your mobile enterprise.
- Opt into a “Find My Device” service to remotely locate and securely erase devices.
- Use antivirus or spyware scanning tools. IT and security teams should assist employees in selecting and installing antivirus software prior to using their devices at work.
Ensure secure data erasure is central to your BYOD policy.