BYOD Security – A Workplace Risk?

Posted in Blog

Glenn Laga

BYOD (bring your own device) is the policy where employee-owned devices are used in a business. Smartphones are the most common device used in BYOD settings, although laptops, tablets, and USB drives are also commonly brought into the workplace. Although BYOD security policies can appear to be cost-friendly and decrease the labor of IT teams, their adoption among businesses nationwide has not flourished as expected.  In fact, the percentage of businesses that prohibit BYOD has risen from 34% to 53% from 2013 to 2015 respectively. Why is BYOD adoption unpopular?

A significant contributor to the hesitancy of BYOD in the corporate world is the security risk that employee-owned devices bring to a business including:

• Mobile phones and tablets are the most vulnerable to cyberattacks, putting greater dependence on IT teams.
• Employees can download mobile apps and connect to enterprise networks without proper security protocols intact.
• The storage of personal data and business data on the same device can mix and expose information.
• Employee-owned devices can be inadequately cared for, meaning lost or stolen. A majority of security breaches occur when a device is stolen, so companies that do implement BYOD policies must establish encryption strategies.
• Employee attrition means that BYOD devices disappear with the employee. How can you securely regain your data when it’s not technically on your property?
• Many companies don’t have a policy governing secure, compliant electronic data destruction when it comes to their own equipment, much less extended to BYOD equipment. Understanding liability and ramifications of a security breach that could happen from an unused but poorly misplaced mobile device is the first step of creating a BYOD policy that includes data erasure or shredding.

The most basic problems about BYOD usage is that there is no company or industry policy or operational standard governing which devices and how they’ll be used.  Many enterprises haven’t prepared their IT teams with the operational guidelines and tools needed for mobile devices, access and firewalls to combat threats of data security specific to employee-owned devices.

Do you use BYOD at your workplace? How does your company protect against data breaches? What is the method of erasure or shredding for data destruction for BYOD that have been used?