Work on personal devices. Employees love them. A lot of small companies and MSMEs are increasingly embracing Bring Your Own Device (BYOD) policies. But IT security is still skeptic about it. There’s a clear clash of wills here and it’s not difficult to figure out why.
Employees love working on their personal devices. The perceived benefits are quite attractive – they don’t have to carry many devices, they are much more used to their own devices so find it easier to adapt and they can work on the go, which could lead to increased productivity for an enterprise. While for MSMEs, BYOD leads to cost-savings which make for an attractive proposition – they don’t have to provide employees with work devices.
But IT security has a very valid point. When it comes to employees using their own personal devices, the line between work and personal gets very blurred. And that can have a big effect on cybersecurity, mainly because they are not able to have any oversight on them.
Lack of control
What if employees use their personal device on an unsecured WiFi which often has backdoor vulnerabilities deployed by hackers? What if they click on suspicious links or download fake applications which quietly steal all company-related data from the device?
There are more scenarios which illustrate the troubling problems personal devices used for work can bring: what if employees don’t update or patch their devices frequently hence leaving them open to hacking attempts? And very importantly, what is the procedure if an employee leaves the company or even absconds? A company runs the risk of important confidential data being irrevocably lost forever.
Yet, despite these troubling scenarios, BYOD policies and work on personal devices is becoming more and more popular. More and more enterprises are empowering employees to work on their personal devices. And so it’s important to find a way to alleviate the issues that come with this scenario.
Have a clear policy – It pays to have a clear policy outlining your policy on personal devices. Network administrators must strive to make this policy as comprehensive as possible with scenarios outlining what is appropriate usage and what is not. Compliance must be made mandatory but that doesn’t mean the policy should stay in a silo – it should be constantly evolving based on market threats and trends.
Have some red lines – Companies have shut down due to data breaches so it’s important that you don’t inadvertently become a victim due to a careless error. Hence, it’s important to have some red lines regarding usage of personal devices. What these red lines are depend on the nature of your enterprise – it could be a strict non-usage of unsecured WiFi, strict regulation of downloaded applications, no usage of cryptocurrency apps, etc.
Know what to do when an employee is leaving – This is a both an HR issues and a cybersecurity issue so should be dealt with sensitivity. The best practice is for devices to be wiped when their owner is leaving the company but an employee may object to their personal device being examined or wiped for data. Set expectations clearly especially at the joining stage about the tradeoffs employees will have to accept if they want to use personal devices.
Deploy fencing solutions – Try and invest in security solutions which provide a fencing option for personal devices. Hence, employees have clear distinctions between work and personal in their devices which helps in better cybersecurity.
Especially for mobile devices, enterprises can consider Seqrite mSuite, a small and comprehensive powerful tool to manage all mobile devices running on Android and iOS operating systems. The solution allows network managers to get total control over all applications installed on official devices, monitor internet usage patterns, track device location and apply company policies as per the location and time, and provide support through remote device control as well as file transfer
As an IT security partner for your business, Seqrite provides comprehensive security from advanced cyber threats. To know more