We’ve talked before about the reasons an employer may benefit from implementing a bring-your-own-device (BYOD) policy in the workplace, such as cost reduction, improved employee satisfaction, the likelihood of better technology standards, and the decreased time to productivity on a personal device, just to name a few.
But there are quite a few security risks, as well. Most can be mitigated, but they should all be considered before implementing a BYOD policy, along with what actions you’ll need to take to feel comfortable with the risk levels involved.
Risks
Here are some risks to consider:
- The device travels more places. When employees use their personal phone for work, for example, that device is likely to travel everywhere with them. That means it’s likely to be on many unsecured networks and on public Wi-Fi, leaving it at risk of someone gaining illegal access to company data, as well as leaving it at physical risk.
- The device may be more likely to get lost or stolen, along with any company data on it, because the device is going everywhere.
- It’s more likely to be shared by multiple people, increasing the likelihood someone will accidentally delete something or see something confidential. People let family members and friends use their phones all the time to make a call or look at photos, for example, and any time the device is in someone else’s hands, there’s a chance something could happen.
- Employees may be more lax about security on their own personal devices. Some find it cumbersome to keep their phones password-protected, so they may remove that feature, thus leaving data more vulnerable if they fall into the wrong hands.
- Employees may also be more lax about updates on personal devices, which may leave them vulnerable to security threats.
- Data on personal devices may be less likely to be backed up, which may mean important records will be lost if there’s a problem.
- Employees may unknowingly download unsafe apps on their device, which could also put data at risk. A data breach on a device with access to sensitive company files can have huge negative repercussions.
- The risks may continue after an employee leaves because most companies do not have a clear way to retrieve all data from a terminated employee, thus leaving those data at risk while the device is in use.
- It may make it easier for an employee who wants to take confidential information home to be able to access it there from personal devices and transfer it somewhere else.
Employers that wish to implement a BYOD policy may have to mitigate quite a few security concerns, but how big of a risk each poses depends on each organization’s unique situation.