blog hero2x
Data Security & Privacy

What Are the Risks and Rewards of Bring Your Own Device (BYOD)?


By Josh Young Dec 08, 2016

risks byod policy

With smartphones and tablets becoming more and more popular in our personal lives, their creep into the workplace was inevitable. In fact, according to Microsoft, 67 percent of employees are using personal devices in the workplace already -- whether their employer is aware or not.

In response, companies are establishing bring your own device (BYOD) programs that allow employees to use their personal computers, tablets, and smartphones for day-to-day work activities.

What Can You Expect From a BYOD Program?

Productive employees

Research performed by BT Global Services found that of those employees who use their personal devices for work, 42 percent noted productivity and efficiency improvements. And according to one study conducted by Cisco, workers in the United States who use their personal devices for work save 81 minutes each week.

Are your employees aware of the critical role they all play in your company's cybersecurity efforts? View our Security Awareness Training Best Practices webinar to help make sure that they are engaged.

Cost savings

Cisco also estimates that businesses can save roughly $950 per employee each year with a standard BYOD program. However a "comprehensive" program could generate annual savings as great as $3,150 per employee. Further, a comprehensive program can typically pay for itself with hard cost savings, particularly by cutting hardware, support, and telecommunications expenses.

Security risks

Perhaps one of the greatest disadvantages associated with a BYOD program is the increased risk it places on your company's cybersecurity. By releasing some of the control associated with how and when your employees access systems and data, your company offers new opportunities for criminals and malicious outside parties to attack.

One survey of cybersecurity professionals found that 21 percent of surveyed organizations had experienced a security breach through either a BYOD or corporate-owned mobile device. Perhaps more frightening, 37 percent of respondents could not definitely answer whether they had or had not been breached.

The study also found that 39 percent of surveyed businesses had identified malware downloaded to either a BYOD or corporate-owned mobile device, and 24 percent confirmed that employees had connected to malicious Wi-Fi hotspots with these devices.

Further, with a BYOD program, there is increased likelihood that the devices used to access your systems will be lost or stolen. According to a 2014 survey conducted by Enterprise Management Associates, Inc. (EMA),  30 percent of respondents who stored confidential company information on their personal mobile devices "frequently" left those same devices in vehicles unattended.

How Can You Get the Most Out of Your BYOD Program?

Uniform policies

A survey conducted by software security firm Trustlook Inc. found that only 39 percent of employees that used personal electronic devices to access company systems worked at a business with a formal BYOD policy.

The same survey found that less than half had received any direct instructions or security requirements for accessing company systems via their personal devices. This fact is particularly concerning since, according to Kasperksy Lab, half of the world's mobile devices are not sufficiently protected from cybercrime and malicious threats.

You need to develop comprehensive policies that outline how personal devices can be used with company systems. Identify what systems can and cannot be accessed remotely, and consider limiting or denying remote access to more confidential data.

If applicable, instruct them to use a virtual private network (VPN) to access company systems if they are connecting via a public Wi-Fi hotspot.

Employ technology

Mandate that employees who participate in the BYOD program install security software on their personal device. Depending on the sensitivity of the accessed information, you may consider requiring employees to install a mobile device management solution that can enforce PIN code or password requirements or offer remote wiping capabilities.

Actively monitor your system logs and network traffic to help identify suspicious behavior and contain threats before a serious breach occurs.

Comprehensive training

Once your company has a BYOD policy in place, you need to communicate these requirements to your employees. Provide new hires with security awareness training, and offer regular refresher courses to your staff.

Referring back to the EMA study previously mentioned, for those respondents that were not security or IT support staff, less than half received any security awareness training from their current employer.

The Next Step

A BYOD program can offer your business distinct advantages in the market, but no improvement comes without some level of risk. By creating a knowledgeable, security-conscious workforce backed by sound policy, you can better mitigate these challenges.

To learn more about our security awareness courses, you can fill out the form on the right to request a demo.

Workplace Answers &
Click 4 Compliance Join Forces

We’ve created the world’s most comprehensive and engaging online compliance training library for companies around the globe.

Learn more View courses

We're sorry this resource is no longer available, we've redirected you to our Resource center.