How Can You CYA with a BYOD Policy?
You just hired a new VP. It’s day one and she receives a stack of devices from IT. The company uses an Android operating system. She’s a loyal Apple user. You see her later in the week, lugging around two sets of gadgets. Soon she is setting up a digital version of Noah’s ark—lining up her smartphones, laptops, and tablets, two by two. This seemingly irrational routine can be maddening, leaving workers wondering, “Why can’t I just bring one device—my own!—to the office?”
Key Statistics About BYOD
- 78% of employees believe that having a single smartphone helps them balance their personal and professional lives.
- 77% of employees have not received any instruction regarding the risks of using their personal devices for work.
- More than 90% of all companies lack complete awareness about devices that are accessing their networks.
What Are the Benefits of BYOD?
Bring Your Own Device (BYOD) is a growing trend in all types of organizations. BYOD is the policy of permitting employees to use their own digital devices – smartphones, tablet, etc. – for work purposes. There are several significant benefits to BYOD. For example, studies have shown that BYOD boosts worker productivity. Employees are more likely to customize their personal phones in a way that maximizes ease of use. Moreover, workers are more likely to carry their devices with them at all times, including outside the office, making them more accessible to their colleagues. A survey by Cisco found that the average American BYOD user saves 81 minutes per week on work-related tasks. That may not sound like much, but if a company contains a large number of employees, those minutes quickly add up – freeing hours of extra time that can be devoted to other tasks.
Additionally, BYOD can increase employee morale. People have a special attachment to their personal devices and have grown accustomed to using its unique operating system. Furthermore, most workers detest the hassle of lugging around two different devices. A Deloitte study showed that 83% of skilled workers at organizations with flexible IT policies were satisfied with their jobs, compared to just 62% of their counterparts at companies that do not have flexible IT rules. Ultimately, BYOD can lead to greater workplace satisfaction and reduce staff turnover.
When BYOD Goes Bad: What Are The Cyber Risks?
For all the benefits of BYOD, the practice comes with very real risks. If companies aren’t careful, BYOD can quickly become an SOS situation.
- Devices that contain company data can be lost or stolen. Smartphones are often forgotten, left behind at the local coffee shop or bar. If not retrieved, outsiders can potentially acquire sensitive business data.
- Employees are more likely to access unsecured Wi-Fi. Given that workers will be using their devices outside of the office, there is a possibility that they’ll utilize unsecured Wi-Fi connections. This, in turn, makes it easier for threat actors to hack into a company’s computer networks.
- If an employee departs a company under unfavorable circumstances, the IT department may not have the time to wipe their personal device. This allows former employees to retain access to sensitive company data and network systems long after they’ve moved on.
Taking Action: Top 3 Must-Do’s
- Organizations need to establish clear BYOD policies in the workplace. These rules should recognize the benefits of BYOD, while minimizing the associated risks. Policies should educate employees on cyber hygiene best practices, such as two-factor authentication, using different passwords for every website, and only downloading software from trustworthy sources.
- Institutions must monitor and enforce BYOD policies. It’s one thing to ban certain practices; it’s another to actually hold employees responsible for their cyber actions. Too often, security is sacrificed for the sake of expediency. IT managers will have to ensure that workers are not abusing BYOD procedures.
- Companies need to develop an incident response plan. Even the best BYOD protocols will inevitably result in breaches. Institutions that plan for, and practice, responding to hacks of personal devices are better prepared to deal with actual threats.
If you would like help in building your BYOD plan, or understanding other cyber risks, check out our Cyber Resolve seminars, tabletop exercises, and training programs. Let’s discuss how we can help you increase your company’s productivity and employee satisfaction, while reducing your cyber risk.