What is a BYOD Policy and why is Important to Your Business’s security? | Storm Internet

There are many ways that your business’s security can be compromised from outside your business.

What you might not be nearly as prepared for is an attack that starts on the inside of your business.

You might be prepared for cyber-attacks, data breaches, and other common cyber security concerns but for companies that allow their employees to bring their devices from home – often referred to as a BYOD policy – there can be addional problems.

In this article we’ll look at what a BYOD policy is, and what some of the security risks associated with it are.

What is a BYOD policy?

A BYOD (or bring your own device program) is an increasingly popular policy where an employer allows their employees to bring and use their electronic devices such as cell phones and laptops from home for use in official company business.  More and more people do this nowadays.

The obvious benefit of adopting a BYOD policy is the cost savings attained from not having to provide laptops and cell phones to employees.

While on the surface this saves money and makes life easier for employees who don’t have to lug around and remember work laptops and cell phones in addition to their personal devices it can open your business up to a whole range of additional security issues.

What are some of the security issues with BYOD?

The first issue is violations of personal mobile usage. When you encourage employees to bring their devices from home you are also potentially encouraging them to bring their problems and distractions from home into the workplace. According to a survey by IDG more than half of over 1600 senior level employees interviewed admitted to serious violations of the personal mobile device policies. Distracted employees are more likely to miss or ignore security problems, or accidentally share classified information either with a contact or with another user of their devices such as a child or spouse.

The second issue is what is referred to as the “End node” problem. The End Node problem occurs when a device is used to access sensitive information or networks but also used for regular unsecured browsing exposing the sensitive data to the potential of being breached on less secure networks known as end nodes. These nodes can ferry malware from network to network or may not properly authenticate users leading to a ton of openings for attacks.

When employees use their own devices they are also far less likely to follow best practices for safe internet browsing including but not limited to connecting to public or untrustworthy networks on devices which contain sensitive information opening them up for all manner of cyber attack.

While not related directly to security, BYOD policies also create headaches for IT departments as they must make sure that they only monitor communications directly related to the business and do not infringe on employees privacy, adding to their hours and workload.

Last but certainly not least is the issue of what happens when an employee loses or sells a device which still contains sensitive data. Most people who sell their mobile devices or trade them in do not do a full data wipe to make sure the device is back to it’s stock condition. Additional security breaches can occur if an employee leaves a job but keeps their device. In some cases this can even lead to confusion about who owns the phone number, the company or the employee?

While BYOD policies have gained a little bit of popularity recently they are still only agreed to by about 20% of employees worldwide according to international research.

So what can you do?

If your business has a BYOD policy in place we’d love to hear from you and tell us how it is going. Or if you need any advice then you can fill in the contact form next to the article.

• Train your employees on the potential risks associated with using their own devices and ensure they are regularly monitored.
• Develop a sensible strategy for when employees leave employment.  They may have had access to sensitve data which needs to be wiped from their devices. Ensure this is put in place before they leave the business.
• Do regular security checks on devices.
• Implement an acceptable use policy – this is a great way of ensuring employees avoid distractions and also to prevent them from downloading viruses and other malware.

If you use a BYOD policy in your business we’d be interested to hear from you in the comments below.