Social and political changes have recently influenced the world of work and have profoundly changed it. Whether it is the Covid-19 pandemic or the labor shortage, companies and employers have had to redouble their creativity and resourcefulness to overcome these new difficulties. Several initiatives have emerged, such as telecommuting, and many benefits have been offered to potential job candidates to attract new talent and improve employee retention.
As in any unknown situation, the solutions adopted can improve the targeted cause, without preventing a return of the pendulum after a certain time. If you have to act quickly in business, the downside of a good idea can be felt just as easily.
One of the phenomena currently observed in the labor market is bring your own device, also known by the acronym BYOD. This great idea, seemingly satisfying for employees and for cost savings, will, over time, prove to be a breeding ground for security risks and theft of sensitive information.
DMIB takes the time to dissect with you the risks of bringing your own device on the job market.
What is the Bring Your Own Device (BYOD) concept?
The Bring Your Own Device concept is simple: for a company, it is about authorizing the use of personal devices within the professional context. By personal device, we mean any computer equipment used for work and not provided by the employer, that is to say purchased by an individual, but used for professional purposes.
This concept was born a few years ago, especially with the proliferation of electronic devices and new technologies. Intel has recognized a strong trend among its employees to bring their personal devices from home to work and connect them to the corporate network. The company saw it as a good way to save on IT costs and increase workforce productivity, but the possibilities of BYOD also have their limits.
What is an example of Bring Your Own Device (BYOD)?
The concept of bringing your own device is currently taking place in many companies. Examples of BYOD that have become mainstream are allowing employees to…
➢ Work from their personal computer or cell phone in the context of teleworking;
➢ Answer customer calls from their personal phone number;
➢ Connect to the company network from a computer used for both personal and professional purposes.
Any instance where the company allows its employees to use their personal devices for work purposes is an example of Bring Your Own Device.
Where is the Bring Your Own Device used?
The popular concept of bring your own device is used in the business world to simplify users’ lives and save costs. However, DMIB and several other companies with cybersecurity at heart see a problem in allowing privileged access to sensitive company information on a personal device.
The concept can be used wherever it is possible and necessary to work with computer hardware.
Why do some adopt Bring Your Own Device?
We have already mentioned that the concept of Bring Your Own Device has cyber security flaws. So why do some companies continue to implement it? To tell you the truth, BYOD has gained in popularity because the concept still offers a number of advantages:
- Some reports show improvement in productivity. Since the employee is familiar with their device, this can allow them to work more efficiently. Being more comfortable with a device allows you to complete tasks more quickly.
- One of the biggest benefits of bring your own device is convenience. Technology users, in other words employees, have only one device between work and home. Everything is done from the same machine.
- Another big advantage of bring your own device in companies is that the concept makes it possible to respect everyone’s preferences. If Martine is all about Apple while Marc prefers Samsung, both employees are free to use whichever device company they prefer.
- Bring your own device allows greater flexibility in the brands used as well as where the work is done from. Indeed, the ability of staff to work anytime, from anywhere in the world and from any device, as long as he or she has access to the network is a huge advantage.
- Finally, companies see an advantage in terms of possible savings in terms of electronic equipment or work equipment.
One can understand why a company would choose to adopt a BYOD policy. Several employers quickly judge that it is more economical to participate in bringing your own device, while constituting a much lighter management burden. And yet: this is where the error is most frequently made.
So why is bringing your own device dangerous?
BYOD seems, visibly, quite safe and simpler in general. However, this is not the case. Why is this?
First and foremost, you should know that our personal electronic devices are not, by nature, equipped for professional use. While almost all computers have a mailbox, word processing software and an internet connection, their protections against important and sensitive data may not be suitable for a professional context.
Of course, not everyone should be put in the same boat. Some adequately protect their devices against web threats. However, for the most part, we notice the absence of protections on computers dedicated to personal use such as:
- Data encryption;
- Antivirus, etc.
The Bring Your Own Device concept carries many cybersecurity risks, not only because controlling and adhering to policies is more difficult on multiple devices that do not operate in the same way, but also because if an employee leaves your organization, he also leaves with all the sensitive data stored on his personal computer. Not having to return his device at the end of his service (since it belongs to him), who knows where this information concerning your company will end up?
An employee who has given his personal telephone number to his customers and who resigns can still be called by the customers of his former company. At this point, customers might be talking to the competition if that employee has found a new job with a market-competitive firm.
Mistakes happen so quickly, whether it’s a former employee who sells their computer without first erasing their data or a child playing on your tablet and accidentally emailing sensitive content.
As the labour market and private life become intertwined, your organization’s IT representatives must also manage a new challenge: that of monitoring only the professional use of devices, and not about employee privacy.
In a corporate context, there is often some form of control over what sites are visited. The concept of bring your own device makes this internal control impossible, making users much more likely to visit unsecured or corrupted websites containing harmful material, such as viruses, ransomware, spam, etc.
Software vendors and web developers keep up to date and regularly release patches to deploy to address certain threats or security breaches. In a bring your own device context, each employee with different hardware makes it very complex to manage the deployment of patches at the right time.
In addition to security breaches, managing a bring your own device policy becomes a significant administrative burden and without real added value to your other daily operations that could potentially benefit more.
If working on a device that we are comfortable on helps our efficiency, it can also encourage us to be distracted. On your personal computer, you may receive message notifications whether you are tempted by your Netflix account or an incoming email from your home address.
For all these reasons, the concept of bring your own device can lead to:
- Loss of time and money: in the event of a data breach, you will lose precious time restoring your information and you will potentially lose revenue;
- Data and sensitive information breaches: your employee connects to your files on his own terminal without the necessary protections. Anyone can infiltrate your data;
- Identity theft;
- Competitive disadvantages in an already competitive market: if customers are associated with an employee and the latter resigns taking his customers with him;
- Intense administrative overhead trying to manage a large number of different devices for which you do not have a list of downloaded applications, versions and updates. You will waste a lot of time protecting your data.
If you still decide to opt for a bring your own device solution, you have to think about its policy. But there are other ways to do it!
What are the solutions in return for bringing your own device?
- Plan a small number of devices from the same company and adequately protected to provide to your old and new employees! For efficient and secure management of your data, it is essential to separate professional electronic devices from those used in private life.
- Use cloud-based software solutions to allow the work environment to be moved to any device for maximum security. However, be sure to protect your cloud service adequately. This solution allows a certain flexibility while guaranteeing a good form of information protection.
- Always keep a record of professional devices and make sure to install all required protections. Keep a detailed table of the software downloaded on the devices with their versions and the updates made.
In short, you will have understood that the bring your own device concept can lead to several flaws in the security and data protection of your company. Whether in terms of the integrity of your information or simply the people who have access to it, it is essential to be careful with BYOD. As we know, cybercriminals are deploying more and more force in their attacks while making themselves harder to unmask.
Do you need assistance to help you manage the risks of bring your own device or to implement work devices within your organization? Consult our team of cybersecurity experts! Our representatives will be able to direct you to the right solutions for the needs of your company and your employees.