There is no doubt today that the workforce is becoming mobile, and even “virtual.”
Long gone are the days when an employee had to show up to the traditional office building, and work from their desk. Now, employees can work from anywhere and at any time, without having to show up to their cubicle.
From an iPhone or a Samsung device, an employee can literally conduct their everyday job functions, whether it is from creating documents to spreadsheets to even holding meetings on Skype or WebEx.
Employers are now letting their workers use their own wireless devices, without distributing company issued ones.
This type of policy is known as “Bring Your Own Device”, or “BYOD” for short. There are certain advantages to this; but there are also inherent security risks as well, which need to be taken into consideration:
1) The risks of corporate information being released:
When an employee uses their own smartphone to do their job tasks, there is a much greater chance that your trade secrets, intellectual property, or any other sensitive data could be released unknowingly, or even intercepted covertly by a third party.
The primary reason for this is that employees very often do not keep their smartphones up to date with the latest software patches and upgrades. Also, unencrypted network connections are used, such as public Wi-Fi hotspots. As a result, a cyber attacker can very easily tap into these unsecure channels, and steal your information and data.
2) Less control over personal wireless devices:
When a company issues their own smartphones to its employees, there is some degree that the appropriate security mechanisms will be implemented onto them. This includes encryption, making sure that the devices are up to speed with the latest upgrades and patches, and that Two Factor Authentication (also known as “2FA”) is installed. But when an employee uses their own smartphone or other wireless device to conduct their everyday job tasks, the business owner will then lose control over installing these protective mechanisms. After all, you cannot make an employee install them onto their own device if they do not want to.
“97% of BYOD devices have privacy issues, and 75% of them have inadequate data protection.”
Also, with a company issued smartphone, if an employee loses it, you can quickly and easily issue a “Remote Wipe” command. This will instantaneously delete all of the corporate information data that resides on it. However, this command cannot be used with a smartphone that belongs personally to the employee.
3) The mixing of personal and corporate data:
When an employee uses their own smartphone, the risk their personal stuff being mixed in with corporate information and data becomes much greater. With this, there are increased chances that proprietary communications could be mistakenly sent to the wrong party.
Also, there is a higher probability that malware or spyware could be covertly deployed onto the BYOD device, thus not only exposing proprietary corporate material, but your entire network as well. Keylogging software could also be installed by a cyber attacker, and as a result, they can also gain access to the usernames and passwords of your other employees.
These are some of the top threats that a BYOD device can bring to your corporation or business – obviously there are more.
One of our future posts will closely examine the steps that you, the business owner, can take to mitigate the risks of BYOD.