Telecommuting in the workplace has become far more prevalent in recent years as remote technologies dominate the market. In the United States, over 18% of the workforce telecommutes full time. ?It is clear employers are seeing the value of allowing employees to work from home.? While offering countless benefits, this trend also produces some severe challenges, namely the issue of maintaining security when employees are working on their personal devices.?
Bring your own device (BYOD) is the newest concern for IT analysts as employees transition from using a company?s internal hardware to their own devices, especially as they continue to access the same work-related systems and client-sensitive information.
Are you keeping up with the latest technology developments in cybersecurity? Let Cyber Security Resource lead the way!
What is BYOD??
BYOD refers to the trend of employees literally bringing their own devices to access organizational networks instead of a company?s own hardware. These BYOD devices mainly include personal devices such as smartphones, laptops, desktops, tablets, and USB drives that are not currently supported by an organization?s internal IT infrastructure.?
BYOD models are flexible, as companies can choose to allow part or all of their systems to be accessed from personal computers authorized by IT. Some 87% of companies rely on their employee?s ability to access their work over their phone, alone. As new technologies appear, their role in improving the workplace is becoming increasingly more well-known.
Related: What Is Application Security: A Beginner?s Guide
Why Allow BYOD?
BYOD makes life easier for employees and administrators alike because it can save on time, costs, and documentation. Without needing to track and keep stock of every piece of hardware in an employee?s possession, IT departments can focus their efforts on other areas of the company that needs their attention.?
This also has to do with changing cultural attitudes surrounding the workplace; many employers are finding that their team?s productivity remains relatively stable no matter if they work in the office or at home. Companies gain an additional output of over 240 hours of extra work per year from their employees due to allowing telecommuting. The days of the in-office, brick-and-mortar 9-5 shift work may soon be a thing of the past, and tech companies, along with entrepreneurial startups, appear to be leading the way.?
BYOD-centric companies sound almost too good to be true. The unfortunate truth is that, well, it kind of is. When you switch to allowing employees to work from home on their personal devices, security problems may arise.
Why is BYOD Security Important?
Cybersecurity is an issue for companies no matter how much BYOD they allow, but they become much more pertinent when employees work from their personal devices in distinct ways. Furthermore, personal devices are likely to enter the workplace regardless of if they are approved by IT. Yes, BYOD has a documented positive effect on employees and their happiness, productivity, and consistency, but the lack of a firm BYOD security policy opens the floodgates for potentially serious cyber attacks.?
Shadow IT refers to any device, software, or service used by a team or team member that is not sanctioned by the organization?s IT department. BYOD can often be the source of undocumented shadow IT breaches since while they allow immediate access to the system, they can just as quickly turn into a source of a security compromise.
Related: What is Cloud Computing Security? | Cyber Security Resource
BYOD Pros and Cons
BYOD has many great benefits to employees who are allowed to use their devices, but with every creative innovation comes serious consideration for administrators. While accessibility and expediency are improved, security for your network is a major concern. There are pros and cons to this newest trend, and reviewing them will help your team decide if BYOD is a worthwhile endeavor.
Pros
- Faster access to the network
- Access the workplace database anywhere there is an internet connection
- Improve productivity among team members
- Improved workplace morale
- Reduced costs of maintenance and purchasing hardware
- Increased employee retention
Cons
- Possible breaches in security ranging from lost, stolen, or compromised devices that have access to sensitive information
- Devices may not have the necessary precautions like antivirus software or firewall
- BYOD devices may eventually lead to an increase in costs if IT decides to allow support for them.
- Some collaboration issues can arise if certain individuals have apps installed that others do not have access to.?
Stakeholder Buy-In
When looking to implement a BYOD policy, it is important that the policy isn’t blindly implemented without talking with the important stakeholders in the business, and even the employees at large. Various department heads and others should be aware of what is involved with a BYOD policy, and what it means for the company as well as their area within the company.
Additionally, allowing employees in on the process by surveying them on the devices that they will be using helps IT and others plan for security on the devices that will be most used. In this way, they learn the devices to tackle first and prioritize their limited resources. Additionally, you can learn what the employees see as advantageous as well as what they feel are disadvantages.
Essential Elements In A BYOD Policy
There are several items that most experts believe should be a part of a well-crafted BYOD policy for any business. First is a section that defines what applications and assets the employees are permitted to access using their personal device. This is often referred to as an Acceptable Use portion. A second section would be detailing the minimum security controls are required for devices. Third, what company-provided components should be in place, such as SSL certificates for authenticating devices. And finally, a section on the company rights for altering the device, such as allowing remote wiping of lost or stolen devices, or when employees leave the company for any reason.
Don’t forget that a good policy should also provide a clear outline of a service policy for BYOD devices, including what support might be available from IT for employees connecting to the company network, support for applications installed on their devices, and support for resolving conflicts between personal and company applications. Additionally, it should be stated what applications are permitted or restricted, as well as what reimbursements will be provided to the employee for use of their device (versus a company-owned and provided device).
How should IT handle BYOD?
There are various modifications to standard operating procedures (SOP) that a company can take to account for BYOD technologies, such as arranging for two-factor authentication to access databases, encrypt sensitive data, making passwords compulsory on all BYOD devices (and making the passwords long, unique and random), and instituting policies preventing employees from accessing company data when not on the clock. Additionally, there should be ongoing lists of applications that are either blacklisted (because they are known virus or hacking gateways) or whitelisted (because they are used by the company regularly) and this list is easily checked by employees. Additionally, companies should have a way of verifying the installation of security solutions on employee devices, such as antivirus software and updated versions of various applications that the company requires on an employee’s device. However, these checks and balances may still fall short in the event of an intrusion to the system.
IT analysts need to develop a system that assesses risk and allows for frequent, speedy, and accurate documentation. This risk assessment is best accomplished through the use of Cyber Security Resource?s proprietary solutions; our team offers expedient IT security assessment, vulnerability assessments, and penetration testing. We believe no matter if your team is remote or working out of brick-and-mortar that security protocols remain strong and enforceable.
Related: Security Risk Assessment
Final Thoughts?
BYOD and telecommuting are new developments in the workplace, and their pros and cons need to be addressed to allow for effective implementation. Having a happy, more productive team means balancing the known security risks presented by BYOD trends. As it becomes more and more possible and easy to do things remotely as well as on our phones and other devices, businesses would do well to ensure that they have a BYOD policy in place, that it has the buy-in from key stakeholders within the company, and that this policy is revisited on a regular basis to ensure that various sections are up-to-date with the changes to technology and security.
Are you ready to revolutionize your cybersecurity framework? Contact Cyber Security Resource, today!
