BYOD: Bring Your Own Device or Damage?
By Johann van Rooyen, Senior Technical Advisor, Green Enterprise Solutions (Pty) Ltd
Tablets, smartphones, iPods, MP3-players, USB flash drives, you name the device and people in Namibia have them. Employees or ‘ end-users’, if you will, will bring their own devices to work and not hesitate to connect to company’s wi-fi or directly plug the device into the organisation’s network. This is known as BYOD or “Bring Your Own Device,” a phrase that refers to the practice of allowing employees to bring their own mobile devices to work for use with company systems, software, networks, or information. Sometimes with major repercussions for the organisation, however we should also look at the benefits that it brings.
BYOD has become a huge trend amongst enterprises, with nearly one-third of employees using personal devices at workplaces worldwide. The key benefits it can provide an enterprise, include increased productivity, reduced IT and operating costs, better mobility for employees, and higher appeal when it comes to hiring and retaining employees. For BYOD to be a success security measures need to be adapted and operating policies need to change. Administrators needs to be aware of application compatibilities and security policies.
So, although BYOD seems to be “free and mobile”, there need to be newer advanced policies implemented and administrators need to think differently about how connections are now being made. It can be hugely beneficial to the employees, their mobility and raise efficiency and effectiveness of the employees as long as it takes place within a secure network system.
However, there’s a delicate Risk/Reward balance that needs to be examined BYOD can lead to data breaches and increased liability for the organization, where we no longer look at Bring Your Own Device, but it becomes Bring Your Own DAMAGE! It is not just companies, but Government, Ministries and all organisations that use ICT in one way or another are at risk.
The downside, of course, is that there are a number of security risks with BYOD…which can lead to serious Damage:
Hardware: With corporate-sanctioned and provided devices, the company has direct control over the specific phone hardware choice, and it is usually checked and meets corporate compliance needs, providing the organisation has compliancy rules. Which every Namibian organisation should have incidentally. When companies provide phones and other devices to employees, those devices are typically provisioned with default configurations that meet corporate policies.
Malware: When employees bring their own devices, they bring whatever is on those devices to work as well. Since the device is often used for personal business too, devices could well be at risk from malware and other cybersecurity risks that didn't originate within the company. Viruses, data leaks and malware are all a real possibility. The risk of BYOD users bringing their malware with them should be a major concern to the organisation. The whole ICT-System could become vulnerable and compromised.
Data exfiltration: Beyond the risk of potentially introducing malware into a corporate environment, BYOD also exposes the company to the risk of data loss or leakage. With a corporate provisioned device, by default it should have security controls in place. With unmanaged BYOD devices, a user that gets unfettered access to a corporate network could take whatever they have access to and bring it with them outside the company. And that device could be stolen or lost too.
As long as companies and organisations, both large and small have a proper compliancy plan in plan, sufficient safeguards against viruses and their Wi-Fi is properly protected, bringing your own device can be a force for good and make your employees more independent, able to work remotely and help grow your business. You will be safe and secure in knowing that BYOD does not mean Bring your Own Damage.
Recent Information Security News
The dark side of apps21 Aug