Bring Your Own Device (BYOD) – what are the risks to businesses?

While BYOD may help to overcome such changes in how we work, there are also significant risks that cannot be ignored.

E2E Technologies develop IT infrastructures that facilitate agile ways of working for businesses. When it comes to BYOD, we advocate caution and implement strategies that mitigate risk for our clients.

To get a rounded picture of its impact, we’ll firstly take a look at the advantages of BYOD.

The benefits of BYOD

• Flexibility for ways of working – BYOD allows employers to offer remote or hybrid working whereby employees log into the company’s IT network. This can be instrumental in attracting the best talent, boosting employee satisfaction and retaining staff whose circumstances may have changed since being brought into the business.

• Increased productivity – BYOD workers can log in when working away from the office or when commuting between appointments. Previously this would have been wasted downtime with a negative impact on productivity.

• Reduced hardware, software and maintenance costs – If employees are using their own devices, the company is no longer required to purchase the necessary hardware or regularly maintain them. They also don’t need to cover the cost of software licenses or the time of IT departments to investigate problems with a  device.

BYOD – the risks to businesses

While BYOD may provide the agility that many businesses now need and employees have come to expect, it presents several risks to businesses that are often overlooked.

Security breaches

This is the main risk associated with BYOD. Typically, personal devices are less likely to have the same level of security software as a business-owned device, or undergo the regular updates that are required to keep a device secure.

The responsibility for safeguarding a personal device with passwords and antivirus software falls on the employee who owns it. The IT department doesn’t have the control over safeguarding that they would have with company owned devices.

The upshot is that the personal device is more vulnerable to security breaches such as malware and viruses that can be unwittingly downloaded from various apps and spread throughout the company’s network.

• This can result in data losses that are damaging to the company and its reputation.
• The cost of reinstating the infrastructure to its original position can be prohibitive.
• If dealing with customer personal data, there could be legal battles from which the company may not recover.

Likewise, private and sensitive business information can be easily leaked from devices that are not properly managed and therefore unprotected.

In the event that a personal device is lost or stolen, there will be concerns about the lack of data encryption which also increases the risk of data theft.

Company leavers

A disgruntled employee who leaves the business and has used their own device for work poses another risk for businesses. Even if there is a policy for all company data to be removed from a personal device when an employee leaves, there is no guarantee that all of it will be wiped. That employee can share information with a competitor or sell the data.

Even if they do remove it all, or they leave on good terms and therefore pose less of a risk, it is likely that the deleted data can still be easily accessed by a knowledgeable hacker.

Privacy of employees

Employees of BYOD organisations risk inadvertently sharing personal data. It’s not too difficult to accidentally show personal documents or web browsing when sharing a screen in an online meeting.

Another privacy issue arises if the employee uses their own smartphone for work calls or WhatsApp, so has to give out their personal number to colleagues and clients, suppliers or external organisations. This presents a privacy dilemma which employees may not be comfortable with, and if misused by those work contacts, it could cause problems for the company as well as distress for the employee.

Compliance

Some industries have more compliance protocols to satisfy than others. For the likes of healthcare, law and finance companies, the regulations are there to safeguard personal data. It is the responsibility of the company to adhere to compliance criteria, even when information is held on an individual’s private device.

An IT department can ensure that all company-owned devices meet compliance criteria, but because of the security issues discussed earlier, there’s a much greater risk of compromising compliance regulations when using a personal device.

If an employee agrees to the enforcement of compliance software on their own personal device, it becomes very complex to implement it, compared to installing the same on a business-owned device.

Legal wranglings

BYOD risks putting companies in the middle of a legal battle when there is a need to search an employee’s device for whatever reason. The kind of problems that could unfold are:

• It transpires that the employee also works for someone else which contravenes their employment contract. This will be particularly difficult if there is a conflict between the two companies.
• If an employee who is leaving the company willingly surrenders their device for it to be wiped of all company information, but the IT department inadvertently deletes some personal data or documents.
• When an involvement in crime is discovered on an employee’s device.
• If an employee’s device is seized in connection with a crime while it still holds company data.

In all such cases, the company will have to seek legal advice which is costly and can pose significant risk to the safety of its data and the privacy of its customers.

Reduced productivity

While BYOD is often perceived as boosting productivity, it can also result in reduced productivity. Personal devices hold a host of potential distractions including apps, web browsing and personal emails. When using company devices, employees are forced to enjoy social media and personal browsing in their own time. When using a personal device for work, the temptation to be side-tracked can impact productivity significantly.

Speak to E2E about BYOD

When managed efficiently with appropriate protocols and security in place, the benefits of BYOD can outweigh the risks.

E2E Technologies is a Managed IT provider that is used to helping businesses to integrate BYOD into their IT infrastructure safely and securely. Speak to our team about this and any other IT requirements.