Companies used to provide every piece of equipment an employee needed to get their job done — desktops, laptops, phones; you name it. Now? Not so much.
About 85% of companies have embraced a policy referred to as "bring your own device" (BYOD). BYOD is exactly how it sounds. You connect your personal laptop, desktop, and (or) mobile phone to your company's network, allowing it to access applications and data.
Why remote working has increased BYOD
COVID-19 did two things for BYOD.
First, it physically separated end-users from IT departments. In other words, the only way to provide a user with a laptop, desktop, or mobile device was to purchase it, configure it, and then ship it through an increasingly unreliable postal system.
Second, it indirectly created a massive semiconductor shortage. As such, new (and even used) laptops suddenly became a rare commodity. Pricing and demand for laptops have soared, and some customers must now wait months before a new laptop can be delivered.
To summarize, it's a lot more difficult to provision a laptop for a new or existing employee—and it's a lot more difficult to purchase one as well. Pre-pandemic, BYOD might have just meant your mobile device, but the advent of remote work means that your home PC or laptop may have become your work computer as well.
BYOD was popular even before the pandemic
The 85% figure referenced earlier was pre-pandemic, so the idea of BYOD had already saturated the workplace well before people were forced to work from home. So why was BYOD a popular idea in the first place?
Bringing your own device offers flexibility for employees. Maybe you want to do all your work with a tablet and a keyboard instead of a traditional laptop. If you bring it, you can do it. Maybe your work requires a beefier machine than the standard corporate endpoint, and it's easier to buy your own than to convince IT to get you a laptop with a real graphics card. Perhaps you like MacBooks, but your work only offers PCs. When you bring the device you want, you can acquire the flexibility you need.
Productivity comes with flexibility. Employees who use their mobile phones to get work done can do work anywhere—on the subway, in the back of cabs, riding in airplanes, you name it. And these days, some consumers even have access to faster and more well-provisioned machines than the endpoints purchased in bulk by their company. On average, companies with BYOD experience a 34% increase in productivity.
Finally, BYOD costs less. Businesses that rely on BYOD can save money on hardware costs, software licensing, or maintenance. A study from Cisco shows that companies who opt for BYOD can save over $3,000 per employee per year.
However, companies embracing BYOD should also be aware of the security risks that can come with it.
What are the risks of BYOD?
Devices that you bring yourself are devices that IT and IT security can't monitor as closely. Therefore, BYOD security can be significantly more complex than traditional infrastructure.
Mobile device email security
It's easier to fall for phishing emails on a mobile device. On a desktop, you can hover over links to see where they go, and you can easily expand the contact field to detect spoofed email addresses. It's harder to do this on mobile, so it's easier to fall for phishing attacks. If you’re prone to ‘fat-fingered mistakes,’ it's also easy to send an email to the wrong contact, potentially exposing sensitive information.
Another BYOD security risk is that there's no upper limit to how many devices or applications an employee can use under BYOD. A good example includes having a preferred enterprise file storage application, but an employee uses Dropbox instead. Now you have secure documents sitting in an insecure account, and you don't have any way to detect this.
Obsolete hardware and software
What happens if your employees never update the operating system on their devices? Under the worst-case scenario, attackers detect a vulnerable device on your network and exploit its vulnerabilities to steal critical information.
Almost 30,000 malicious applications have been discovered in Android's Google Play store. These are applications designed to fool the user into providing system-level permissions that allow criminals to control a mobile device remotely and copy its sensitive files. If your employee connects a mobile device to your network and it's hosting a malicious app, much of your data could be at risk.
Last, BYOD can be a liability for regulated industries. Compliance regimes, including HIPAA and the CCPA, require companies to store sensitive data in protected systems. If you're not protecting BYOD, then you could expose yourself to fines and censure in the event of a breach.
How to stay secure when using BYOD
We create powerful security solutions that let users enjoy the productivity benefits of BYOD while preventing data loss and keeping them safe from phishing. Egress Prevent uses artificial intelligence to identify scenarios where a user may accidentally send critical information to an unintended recipient, preventing data loss.
Meanwhile, Egress Defend uses machine learning and natural language processing to detect even the most sophisticated phishing attacks in real time. Book a demo today for more information on how we can help you maintain a secure BYOD program.
How do you create a bring your own device policy?
Creating a secure BYOD solution means establishing ways to support and secure devices remotely, even when they're not in the office. This strategy may involve installing a secure remote desktop agent on user's laptops, creating secure file-sharing programs, and using device fingerprinting to prevent insecure machines from connecting to the network.
How does bring your own device work?
Bringing your own device means using your personal computer, mobile device, or tablet to connect to a corporate network, use applications, and manipulate data.
Is bring your own device a good idea?
BYOD involves some security tradeoffs. On the one hand, BYOD can increase productivity, flexibility, and employee satisfaction. On the other hand, BYOD can entail severe security risks. Make sure that employees taking advantage of BYOD are adequately trained and equipped.