The use of mobile devices by today’s workforce is as ubiquitous as smartphones themselves. The lines are blurring as employees jump from their Instagram to the company file-share on their personal devices. A recent survey commissioned by Samsung from Oxford Economics (requires registration to download) found that nearly 80% of employers felt their employees couldn’t perform their jobs without them. Companies rely on them to reach employees during and after regular working hours. Employees rely on them to stay connected to their email and other critical line of business applications.
The Rise of BYOD
Advances in the technology and the perceived costs of providing their workforce with secured devices made BYOD an attractive proposition to employers. Workers like that they only have to keep track of one device devices and the convenience of managing their personal and work items in one place.
In the 2019 Intelligent Information Management Benchmark Report, survey respondents indicated that:
- Over 60% of employees use personal file-sharing apps and/or personal devices to access and share company information… yet
- More than half of companies (52%) discourage or prohibit the use of personal devices.
So, what’s the solution? Allowing employees to bring their own devices has been shown in several studies to improve worker morale and productivity. Why wouldn’t companies want to continue with a policy that’s popular and cost-efficient? While there are pros and cons to the practice of BYOD, we know that it’s a practice that’s here to stay. However, organizations that engage in BYOD practices should at least be aware of the most prominent risks.
Top 7 BYOD Risks
BYOD risks become more apparent after considering the impact of having so many different entry points into company systems. What happens when employees fail to download critical security patches or use unsecured networks to transfer critical files? How prepared is your business to deal with the following hazards?
Opportunities for Data Theft
BYOD policies make it easy to stay in contact with your employees. But what if they’re at the airport and send out a file over an unsecured Wi-Fi network? Think about the risks of exposing this information to hackers looking for access into critical company systems, which is especially prevalent in airports. Hackers will find opportunities to steal data and the practice of BYOD can be a great environment for them to do so.
Your employees use their devices to download all sorts of information and may not be careful about separating and securing valuable company data from everything else. What happens if they inadvertently download a mobile game with hidden malware or viruses? They could end up passing it right into your company network the next time they log in.
Potential Legal Issues
An organization’s reputation can be severely damaged if a security breach through an employee’s device leads to a leak of crucial information on your customers or business partners. That means possibly dealing with litigation from different parties.
Your company would then need to lay out capital trying to defend itself against legal challenges. Not to mention suffering possible legal penalties from local, state, or federal authorities if they rule that your business didn’t take enough precautions in keeping the device secure.
Device Loss or Theft
An employee losing a device or having it stolen can go from a big inconvenience to a disaster for your entire company if they didn’t follow recommended company security protocols. What if they didn’t have a secure password for logging into company systems? Did they make passwords easy to find by storing them somewhere on their device?
Even if the worker did everything correctly, hackers now have access to more sophisticated technology. Someone with enough determination and skill can crack a secure password or thumbprint identifier.
Poor Mobile Management
Employees can leave your company for any reason. How can you be sure former employees no longer have mobile access to company applications on their way out? How easy would it be for them or someone with access to their device to get back into an app or system? Would you be able to track the device down as the source of a security breach?
Lack of Employee Training
Many security breaches come as a result of mistakes made by employees. They may not fully understand company requirements when it comes to securing their device. Do you require your workers to attend hands-on briefings, or merely sign off on a document stating they understand company policies? Inadequate training can lead to employees making errors which lead to compromising the security of your company’s systems.
There’s also mounting concern with shadow IT, where information technology is managed outside of (and without the knowledge of) the company’s IT department. An Avanade survey reports that “one-third of tech purchases in a company are made by people who don’t report to the CIO.” Employees bringing in consumer grade products opens up a host of problems for a company. In fact, 96% of Americans surveyed see employee negligence, such as user low-security products or infected removable storage media, as a contributor to data breaches.
Protecting Your Company
You don’t need to leave your company at risk due to a lax BYOD policy. Adhering to the following recommendations can go a long way towards keeping employee devices from being weaponized to commit cyberattacks against your company.
- Think through and test your BYOD policy before rolling it out company-wide
- Take inventory of every employee device accessing your network
- Conduct periodic audits of your BYOD policy
Carefully consider the trade-off of a BYOD policy versus the security of your company. It’s better to be prepared rather than leaving business data exposed to internal and external threats.
M-Files provides a mobile application with multiple levels of security and robust user and access permission capabilities to help allay some of the fears BYOD might bring about.