How BYOD Can Affect Your Business
A question we are asked quite a lot is whether devices should be provided by the company we are speaking with or by its employees under a BYOD (bring your own device) program. Whilst the latter option helps save capital expenditure initially, it can be more costly and burdensome in the long run.
In this article, we would like to share with you some of the top risks you will face with a BYOD model, in case you are on the fence about whether to buy new devices for your office or have staff provide their own.
Data vulnerability and theft
Let me run you through a scenario:
Casey is accessing company data on her phone. She needs information from a SharePoint folder to write down and create reports with, so she screenshots all the data she needs, and the screenshots sync to her iCloud account. They build up over time as she does more and more reports. As she “doesn’t know much about computers and stuff”, she has a very relaxed security stance on her accounts. Someone malicious has now taken control of her iCloud account and has access to all the sensitive company information she was screenshotting.
The worst thing about that scenario is that it has happened countless times and is actually how many breaches occur in the first place. It is also a risk that many business people adopting BYOD don’t know about.
Misplaced or stolen devices
With an incorrectly managed personal device, the person using it could have “1234” as a password or, worse yet, no password (which we have seen on many personal devices). People with the most relaxed attitude to passwords usually have the same attitude to the rest of their security. Passwords or essential information about the company could be on the device, and if it is lost, some of that data could be leaked to the wrong person. With a company-managed device, policies can be enforced that lock the screen after a period of time, require a particular password strength, and prevent location tracking from being turned off. On top of that, if a device owned by a company has gone missing, with a click of a button, that device can be wiped and rendered useless.
Supply chain attack
The back door into your organisation could be through the personal device of one of your employees. As a BYOD program gives you little control over personal application choices, the device’s owner could download a malicious application or a data harvesting tool. From there, the chain starts, which could lead to your business being crypto-extorted or having data deleted from your environment. What is worse is that when someone gets access to your organisation, there could be a massive dwell time (the period from the point of infiltration to the point of detection) that creates a chance for a spear phishing attack or other cyber events.
The choice is yours to have company-controlled devices or go with BYOD. Before making your choice, however, knowing some of the most significant risks associated with each option is always good.