Bring your own device… bring your own risks.

Why BYOD opens a can of proverbial security worms

by Adam Surridge

Adam Surridge | Account Manager at claireLOGIC

Bring your own device IT policies (often referred to as BYOD policies) are often seen as a way to save money and increase productivity. However, there are both good and bad aspects to this policy.

The pros of BYOD policies

The pros include the ability for the employee to have more control over the device they use, more flexibility of choice of devices, and increased productivity due to using their preferred device and apps – however, this may be a skewed outlook when we zoom out and look at the bigger picture.

The cons of BYOD policies

The bad aspects of BYOD include increased security risks, with possible malware or viruses on the employee’s personal device that could affect company data as well as a lack of synergy between company software and hardware – extended use of shadow IT – and a total lack of transparency.

With BYOD policies, there is a significant increase in the number of potential attack vectors for cybercriminals to exploit. Your IT team (internal or external provider) needs to create an extensive security plan that will protect sensitive data from being compromised by hackers.

The most common attack vectors for BYOD machines are:

  • Malware installed on the device
  • Man-in-the-middle attacks on unencrypted traffic
  • Unpatched or vulnerable software on the device
  • Outdated or unsecured operating systems and applications
  • Insecurely configured Wi-Fi networks

Data leaks with BYOD

A big factor with BYOD is that employees could easily access their work accounts from their personal devices and download sensitive information from the company’s network. This can lead to data loss or theft.

Mitigating the ‘bring your own device’ risks

The use of BYOD policies has increased exponentially in recent years (especially during the pandemic – with the ‘mad rush’ to just keep working), but this historical necessity needs to be addressed, and moreover, rolled back if possible – and depending on the end-user numbers will need thought and consideration and comprehensive rethink of your IT strategy.

Get support today

Get in touch today for impartial help and advice – email hello@clairelogic.net or call us on 01865 989144