Does your company have a Bring Your Own Device (BYOD) policy? Employees are generally more productive when they’re allowed to use their own laptops, desktops, or mobile devices for work.
However, there are security risks associated with having this type of policy.
There are ways to get a handle on security while still allowing employees to use their own devices for work. For example, using a cloud storage service like Box is a great way to eliminate the need for employees to keep volumes of files on their personal devices. When they need a file, they can get it from the account.
Combined with a company policy that prohibits saving passwords, using cloud storage from a service like Box will protect your company’s files from unauthorized access.
Before diving into the other reasons cloud storage makes a BYOD policy secure, let’s explore what the risks are with this type of policy.
There are 3 main security risks associated with a BYOD policy
BYOD policies aren’t inherently insecure – it’s the uncontrollable factors and human error that employers need to worry about most. For example:
-
An unauthorized party might get ahold of an employee’s personal device
Whether an employee’s device is stolen or just used by another family member, that will expose your company’s data to unauthorized parties.
In most cases, family members who share an employee’s device won’t do any harm. However, the wrong person might stumble upon something interesting, and use data for nefarious purposes. This can have costly consequences. For example, data breach settlements arising from a stolen laptop have reached more than one million dollars.
In addition to data, when employees save their passwords to company accounts in their browser, anyone can access those company accounts without entering account information. For example, if someone visits Mailchimp.com, the employee might already be logged into the company’s Mailchimp account.
-
An employee might not take enough precautions to protect employer data
A personal device that goes home with an employee is at great risk of exposing company data to unauthorized parties. The potential for human error is the biggest problem. For example, an employee might head out to work from a coffee shop and unknowingly connect to a hacker’s fake Wi-Fi network.
When that happens, the hacker will have access to everything they type and every website they visit. They might even gain access to their physical device.
Another problem is that people fall victim to phishing attacks all the time. If someone is getting phishing attacks sent to their personal email account, and they get tricked into sharing personal information, it could compromise their entire laptop or mobile device. In that case, anything they have on their hard drive – including company information – could be exposed.
-
Employers forget to remove company data from personal devices
The biggest problem is that employers don’t remove company data from personal devices once an employee is terminated or quits. If an employer doesn’t remove company data, they’re asking for a future data breach.
According to survey data published by The Guardian, 40% of large data breaches were caused by lost or stolen devices. Even more alarming is the fact that 50% of companies with BYOD policies were breached by employee-owned devices.
Considering 60% of companies don’t erase company data from personal devices when employees leave, many breaches can be prevented.
Cloud storage makes BYOD policies more secure
While data can never be 100% secure, cloud storage eliminates several main risks associated with a BYOD policy. For example, if you use Box, you can send people links to files they need and set security parameters for each link. This way, files are never sent over email and stored in someone’s account.
When providing links to people, you can also set those links to expire. In the future, if that person’s personal device is compromised, the links to your company files will be expired.
Why have a BYOD policy if there are security risks?
If you don’t have a BYOD policy, you might be wondering why anyone would create one if there are security risks. Shouldn’t employees get used to using their employer’s computer? Ideally, that would be the best solution. However, forcing employees to use a certain computer can negatively impact their work.
Being familiar with a device plays a significant role in a person’s ability to get their work done. For example, an employee who prefers using a Macbook Pro will struggle if you give them a Windows 8 laptop. The unfamiliarity will disrupt their flow, create frustration, and reduce their productivity.
How to prevent BYOD data breaches
Preventing a data breach is best left to a professional IT security team. However, you can gain some insight from these 30 data security experts on what you can do to prevent a BYOD data breach.
You may be interested in: The Benefits of Desktop as a Service or DaaS