How to stay safe when using BYOD (bring your own devices)

'How to' guides

The rise in remote working has led to an increase in personal devices being used for work purposes. 'Bring your own device' (BYOD) culture isn't new. But employees are expecting more flexibility than ever, which is putting pressure on IT departments. 

For any IT professional, the risks of external devices being used in the workplace might seem like a nightmare, but there are benefits that come with the trend. While personal devices might not have the same security as something set up in-house, they contribute to productivity and help reduce hardware costs.

BYOD means less control over devices, more employee responsibility for updates, and more network vulnerability without the right systems and procedures in place. There are certainly more risks than a traditional setup, but if employees are keen to use their personal devices, it's essential to balance the needs of both the business and the workforce.

Create a BYOD policy

A BYOD policy is vital for avoiding shadow IT and employees trying to get around rules by bringing in their own devices without the IT department's knowledge. Once you've established your tolerance for these devices and the type of access they'll have, it's time to clarify the responsibilities of both the company and employees.

Ask yourself these questions to help define guidelines:

  • What tasks are permitted on personal devices?
  • What data and services are permitted on personal devices?
  • How much control will employees need to (or be willing to) grant you over their devices?
  • How will these policies be enforced?

It's best to start by thinking about what employees can access from their laptops, smartphones, and tablets. Perhaps you'll allow them to submit expense reports but not change their bank details, for example.

Your BYOD policy should include everything an employee will need to know about using personal devices to complete their work. It needs to be easy to understand with clear guidelines that can be followed. This information, alongside proper training, can help employees become part of your cybersecurity defence.

Best practices for BYOD

There are several best practices businesses should consider for any BYOD scheme. These include:

  • Multi-factor authentication: Users have to use two or more forms of authentication to access sensitive applications. For example, both a password and a timed passcode from a token. This can help keep sensitive data safe if a device is left somewhere outside the business or stolen. It’s much harder for attackers to steal two forms of authentication.
  • Encourage good password practices: Training employees on the consequences of weak or easy-to-guess passwords will help improve password hygiene. 
  • Adjust relevant permissions: Employees shouldn't necessarily be able to access everything they might be able to on a work device. Lock down sensitive systems and data by adjusting relevant permissions. The ‘principle of least privilege’ says people should only have access to the minimum amount of systems they need to do their work, making their accounts less dangerous if they were to be compromised.
  • Monitor services and data access: Keep an eye on how employees use work systems on their personal devices.
  • Have clear processes in place: Your BYOD policy should be easily accessible to all employees.
  • Managed apps and operating systems: These allow your employees to log into work systems more securely and operate separately from other apps and systems on the device.
  • Consider remote view options: These allow the user to remotely view their work computer rather than logging on to the company network directly through their personal device.

On top of these best practices, it's crucial to have the right security solutions in place to support your employees. Egress Prevent uses contextual machine learning to analyse both the content and context of all outbound emails. This ensures staff can't send emails that could cause a data breach — be it by mistake or through malicious intent.

Keeping your company safe when using BYOD is all about proper training, best practices, and clear policies to which your staff must adhere. While there are risks associated with using personal devices at work, automation can make life much easier by preventing human error and providing an extra layer of security against social engineering scams such as phishing emails. This protection will allow your business to benefit from increase employee productivity and lower hardware spend.

FAQ

What does the term BYOD stand for?

BYOD stands for 'bring your own device.' This term is the practice of using personal devices at work rather than, for example, a company-issued laptop.

Is BYOD risk-free?

BYOD is not risk-free. There are always risks associated with external devices being used on a business network. However, these risks can be mitigated with the right policies, technology, and best practices.

Is BYOD a good idea?

BYOD has numerous benefits, including reduced hardware costs, increased employee productivity, and improved happiness. BYOD also works well for remote employees who like to use their own devices to increase their job flexibility.