Why BYOD policies are a cyber security issue for business
BYOD and the cyber security issues for businesses
Today’s employees demand the ability to work from anywhere, anytime but this is now creating serious cyber security issues for businesses.
This is especially true when it comes to employees using their personal devices, be it smartphones or laptops, for work purposes and transferring or communicating commercially sensitive information.
Cyber security nightmare
Too many businesses are walking willingly into a cyber security nightmare by introducing these kinds of personal device policies with no particular thought or awareness of the cyber security issues for their business.
Remote working and allowing employees to use their own devices should never be driven by a blind desire to be viewed as cool, or fit in with a particular culture, but should be led by specific business objectives.
It should also be built out through multiple departments – like IT, HR and legal – to ensure robust and understood policies are in place for employees so they know the levels of security to have on their devices, what information should and shouldn’t be sent over certain networks and the consequences of breaching these policies.
Considering that more than half (52%) of 18-25 year olds regularly use the same password for multiple online accounts and services – according to recent government research – far too much of the workforce lack an understanding of cyber security risks, yet expect the freedom to work on any machine they want.
Losing security control
The biggest cyber security issues for businesses, when it comes to employees using their own devices, is that the business loses all control and visibility over what information is being sent over personal devices.
With no idea what information is being communicated a business has no way of knowing what risk they are being subjected to – and may not even be aware if they are targeted at all until it is too late.
Then there is the risk of data leakage and breaches caused by poor personal security on smart devices, as well as the risks caused from downloaded apps, which could cause holes in a device’s security and a path in for cyber-criminals to access sensitive information.
This is not even to be mention the all too real possibility that a device carrying sensitive business data is stolen or lost by the user.
The need for online encryption for small business
Online encryption is not totally out of reach for small and medium businesses, the main hurdle they face is that the current offering is either aimed at consumers – lacking the kind of enterprise features a company needs – or are built for big organisations and governments trying to avoid large scale state-sponsored attacks.
These systems are far too difficult to implement within an SMB environment, leaving these companies worryingly exposed, and is one of the main cyber security issues for businesses. Then there are those businesses which don’t bother with online encryption under the false idea that they are too small to be targeted – oblivious to the risk of automated mass targeting which is most likely to be used by cyber-criminals.
The popularity of the gig economy and remote working all but guarantees that employees using their own devices for work is not a passing phenomenon.
Businesses and security managers must start taking more seriously the risk this is posing to their organisations and the potential for sensitive information to be stolen.
If they don’t, the “Bring Your Own Device” development is a cyber security time-bomb just waiting to go off – so addressing the cyber security issues for businesses is key.
There are multiple security protocols you can implement that will best tackle the issue of employees using personal devices for work purposes. Discover what these are by downloading our eBook below: