Saturday, 11 June 2022

Bring your own device: are external devices in your office ever a good idea?


Is your BYOD policy compromising your cyber security without you even knowing it? Here’s how to stay cyber secure while using external devices.

A ‘bring your own device’ policy in the workplace can cause chaos when things get out of control. Since the beginning of the pandemic, cyber attackers benefitted from our changing ‘work from home’ patterns, resulting in a huge surge of cyber attacks in 2020, a trend which we are yet to see reverse. 

Since organisations reopened their offices, and implemented new hybrid working policies, ‘bring your own device’ has become a popular arrangement which enables employees to transition more easily between home and office working by utilising their personal smartphones, tablets, and laptops.


However, most organisations are starting to look carefully at their IT ecosystem for vulnerabilities, and BYOD policies are one of the key areas where many businesses are compromising their cyber security. Anthony Green, CTO of cybersecurity consultancy firm FoxTech, explains:

“External and personal devices are a major chink in many companies’ armours when it comes to protecting against cyber attacks. BYOD means that employees are accessing and storing data owned by the company on devices that are not company property.

“In the IT professions, any device that connects to your network is known as an endpoint. A study by the Ponemon Institute found that 68% of organisations experienced one or more endpoint attacks in 2020, coinciding with the boom in home working. This means that insecure and unprotected personal devices could be a real threat to the security of your data.

“It would be best to not have a BYOD arrangement at all, but this isn’t always realistic with personal devices becoming more and more embedded in office life. With that in mind, there are actions you can take to minimise the risks inherent in using personal devices for work.”

 



Here, FoxTech provides their tips for making your BYOD policy cyber security friendly:

Know the risks

Educating yourself on the specific risks of BYOD is extremely important and will ensure that you don’t sleepwalk into a cyber security crisis. The main risks include:
  • Easier malicious withdrawal of data, e.g. users allowing malicious applications to access data
  • Higher potential for accidental data loss, e.g. work data being included in device backups, or personal devices being shared with family
  • Higher likelihood of devices being unsupported or out of date
  • Users being less willing to report security incidents because they are worried that their personal data will be intruded upon
  • Increased risk of device theft and loss

Think it through

Don’t make it up as you go along. Just as you should develop written policies around the use of company devices, you need to create rules and obligations around your BYOD scheme. The National Cyber Security Centre (NCSC) has an excellent guide to creating a Bring Your Own Device policy here.


Work with your employees

One of the biggest challenges of securing your employees’ personal devices is the conflicting interests between the company and the device owners. As personal devices are not company property, the employee has the right to refuse device monitoring and the installation of security features.

Users will commonly worry that the installation of security packages could slow down their device and affect its usability. They may also be concerned that too much company monitoring will infringe on the privacy of their personal data.

For these reasons, it’s important to get your employees on side when it comes to securing their devices. One way to do this is to offer the alternative option of a company device. This means that if employees still choose to use their personal device, they may be more inclined to agree to security measures, as they won’t feel as if they are being forced upon them.

Communicating the risks of BYOD and the mutual responsibilities between organisation and employee will also be crucial to encouraging the safe use of personal devices.


Be cautious with your data

Don’t give anyone more access to your data on personal devices than is required for their job role. There are some aspects of your data, such as an employee’s financial information, that it would be wise to keep within a fully managed environment. When you are planning your BYOD policy, you should conduct an audit of each employee and department to establish where BYOD may not be appropriate. Don’t be afraid to extend the policy to some departments and not others; the key is to communicate why you have made each decision.

Invest in cyber security monitoring

The Ponemon Institute’s annual Cost of Data Breach Report found that in 2021 it took companies an average of 212 days to identify a breach, and a further 75 days to contain it. The faster a breach is identified and contained, the lower the overall cost of the damage will be. This means that if a malicious actor has managed to infiltrate your system through a personal device, there is still time to prevent a full-scale attack if you are able to quickly identify a breach. The best way to monitor your system for potential breaches is to invest in cyber security monitoring by an expert cyber security consultancy.

If you are worried about any of the issues discussed in this article, or you would like to discuss how security monitoring could help your business, you can get in touch with FoxTech here.


Sources

1 68% of organisations experienced one or more endpoint attacks in 2021: The Third Annual Study on the State of Endpoint Security Risk, Ponemon Institute. Link: 2020 State of Endpoint Security Final (morphisec.com)

2 In 2021 it took companies an average of 212 days to identify a breach and 75 days to contain it: The annual Cost of a Data Breach Report, conducted by Ponemon Institute and sponsored and analysed by IBM Security. Link: IBM Report: Cost of a Data Breach Hits Record High During Pandemic







Door Industry Journal is a trading style of Avalon Innovations LLP - Company No. OC364751
