Making a Decision on BYOD
With many teams forced to adapt to remote ways of working, so too have the IT teams that defend networks and company data from outside attack – a task made difficult due to the radical speed in which businesses were forced to alter their working policies. Many employees now working from home are using personal devices such as smartphones, tablets and laptops – many of which are still unsecured by company IT and security teams from outside threat, such as phishing attacks.
With a multitude of personal devices now having a direct link to company networks, the use of a BYOD (Bring Your Own Device) managed programme can help to mitigate vulnerabilities that would be exposed by an unsecured device, and also yield some positive results for employers. But what should IT and security decision makers consider when it comes to making a decision on BYOD?
Who uses a BYOD?
A study from Statista has found that, in the UK, 60% of companies in the financial and insurance sectors utilise a BYOD programme. It has also been found that 87% of companies are dependent to some extent on their employees’ ability to access mobile applications for business from their smartphones; statistics from a survey by Syntonic has found that, in businesses with over 1000 employees, 44% are highly reliant upon their personal devices for work purposes.
A BYOD setup can and has been beneficial to other sectors of organisations too: in recent months, Kinkora Regional High School in Prince Edward Island, Canada has implemented a BYOD setup for students and staff and reported great successes. Spokespeople at the school have found that it offered students more accessibility to online resources, and has been invaluable in the continued shifts between in-person and remote schooling. With the majority of students owning a phone, students are able to use their own familiar devices to help research, organise and plan their days, without being subject to distractions from non-educational sites like Snapchat, TikTok and Netflix during the schooling day.
When considering a BYOD decision, organisations need to be aware of the communications, data, and information they are accessing and using via remote working devices. For enterprises that supply services to governmental departments, or governmental departments themselves, a BYOD programme could prove too unsafe due to the nature of intel interchanged between workers. In a situation like this, a stricter security system set up as an MDM like Serbus Secure on alternate devices altogether, and with exclusive business use, may be a more prudent option.
Where does the risk lie?
As it stands in the present day, many organisations have only considered the risks of employees using personal devices for home-working. Whilst this is a minority figure, and the majority of businesses are becoming increasingly enlightened to the vulnerabilities posed by an unregulated BYOD operation, it is still vital for organisations to undertake a comprehensive risk assessment into their current state of employee personal device for business use. A report from CISCO has found that 57% of employees use their personal devices without employer consent; organisations can no longer turn a blind eye and must make a conscious decision on whether to tolerate use of personal devices, before accepting the inevitable consequences, or organise a cohesive policy that employees can follow easily. A survey conducted by Trustlook has found that, of workers using BYOD in the workplace, approximately half have not received any instruction on acceptable use.
Many IT and security leaders face obstacles when considering the management of a BYOD programme. Altering IT infrastructure to suit the requirements of the device environment and then educating employees on acceptable usage are among the largest considering factors. Alongside this, the continued upkeep, support and patching of a widespread device system adds extra vulnerability to the business network if not maintained.
What are the benefits of BYOD?
Fortunately there is a lot of data at IT and security leaders’ disposal when it comes to weighing up the pros and cons of a BYOD setup. The real challenge comes in evaluating potential impacts and costs against organisational requirement and future threat. A Frost and Sullivan study found that using personal devices for work saves employees an average of 58 minutes per day, also showing a 34% increase in user productivity. Alongside this, findings from the same study also concluded protecting secure information in order to reduce future risk, and to save money were amongst the top reasons for BYOD implementation. This is proven by a CITO Research report that found just over half of a group of polled workers (53%) felt they were more productive and satisfied at work when using their own devices and interfaces.
Of course, there are other reasons behind BYOD implementation in other organisations. These include, but are not limited to: those who have been victims of a security breach because of compromised devices in the past; to conform with legal requirements and, most crucially, to allow the organisation to better understand how smartphones and mobile applications are used within their organisation. Understanding the value of device use and the nature of the interactions and data sent between employees can help IT and security teams to clearly monitor and detect any breaches of data, GDPR or vulnerabilities that could lure cybercriminals or advanced persistent threat (APT).
What are your organisation’s requirements for remote working devices? At Serbus, we specialise in securing the remote worker, offering tailored solutions that extend to the highest level of security at government-grade. Our expert team is trained to deliver the greatest degree of support and manssssagement (if required) to our customers.
Get in touch today to discuss your needs and learn more about our BYOD options. For enhanced, advanced device security requirements, talk to us about our Serbus Secure suite today. Email [email protected], or call our office on +44 (0)1432 870 879.