It’ll come as no surprise to hear that, today, we’re rarely without some kind of personal computer on our person. Whether it’s a laptop, tablet or smartphone, such devices have become an integral part of our lives. In fact, latest estimates suggest that 87% of the UK population own a smartphone.
No longer are our mobiles solely for making calls, we can now access almost anything we want; all in the palm of our hand.
The ubiquity of these devices means that they’re rarely away from our side, extending the office and allowing us to answer emails, check social media, or take calls any time, anywhere.
Clearly, there are huge advantages for a business to leverage these personal devices, especially in an era when many teams are splitting time between the home and work office. 95% of organisations allow personal devices in the workplace in some shape or form, and it’s easy to understand why.
Many employees prefer to use their own devices due to convenience and remote working. study conducted by Microsoft found that 67% of employees use personal devices for work purposes.
However, there are security risks that come with employees bringing their personal devices into the workplace.
In 2021, research found a 50% increase in corporate cyber attacks per week (2020). This is a statistic that continues to grow as cybercriminals continue to attempt to breach network security and access information systems for financial gain.
Employees who use unsecure personal devices when accessing work information can pose a significant risk to the cyber health of companies. It only takes one unsecured device to give cybercriminals access to an entire network. For example, if an employee downloads a malicious email attachment or visits an infected website on their personal laptop, the entire company network could be compromised.
What potential risks can you face?
Some of the risks organisations can face when unsecured personal devices are used include:
- Company data breaches
- Accessing or downloading unsafe apps or content
- Malware infections
- Unauthorised access to data and systems
However, with the right precautions in place, organisations can allow employees to use their personal devices at work without putting the company network at risk; with many organisations now implementing a ‘BYOD’ policy, but what is this?
What is a Bring Your Own Device (BYOD) policy?
The National Cyber Security Centre defined ‘BYOD’ as ‘the concept of employees using their personally owned device(s) for work purposes’.
With a BYOD policy, organisations have ownership of the accessible data and sensitive information, but the personal device is the property of the employee.
Having a robust BYOD policy is an important factor in keeping company data secure. However, there can be challenges and risks when it comes to BYOD.
Can you mitigate ‘BYOD’ risk?
To mitigate the risks associated with using personal devices in the workplace, there are a few things your organisation can do, such as:
- Having a clear and concise BYOD policy in place, ensuring that all employees adhere to it
- Educating and communicating the risks of BYOD and the importance of a BYOD policy to employees
- Providing employees with guidance on which devices are suitable for work purposes
- Implementing strict security measures, such as two-factor authentication, across every personal and company-owned device in your organisation
In this day and age, it is inevitable that personal devices will be used in the workplace. However, research by Trustlook in 2016 found that only 39% of companies have a formal BYOD policy in place, and 51% of employees received no BYOD training.
This lack of policy and training poses a major security risk to organisations; this is why it is so important that organisations not only increase awareness, but also educate and train employees on cybersecurity.
At Bob’s Business, we build brilliantly effective training programmes for all employees, reducing your risk of data breach. Book a free consultation to discuss how we can help you reduce risk within your organisation.