Last year, Markets and Markets Research released a report that revealed that 50% of companies were considering the use of BYOD (bring your own device) policies. IT departments were tasked with developing a policy that allowed employees to use their personal devices without endangering the security, but things seem to have changed. More and more companies are moving toward company-owned devices – but why?
Most people think it would be cheaper for a company to have employees bring their own devices, but there are some hidden costs involved. One, of course, is the loss of productivity which we’ll discuss more in a moment. Given that BYOD devices can raise the probability of an organization suffering a cyber attack, there are also costs that can be traced directly to the fallout of a data breach. The potential cost of a data breach can easily be calculated using a tool like this one from IBM.
When employees bring their own smartphones, tablets, and other devices to work, those devices are going to be a distraction. The temptation for employees to check out social media sites such as Facebook and Instagram or to play games on their phone during working hours are even worse if they are already using their personal device for work-related tasks. While being forced to use a company-owned device isn’t going to eliminate this problem, it will at least reduce the temptation to waste company time. It will also discourage the use of electronic devices to access inappropriate material while at work.
Employees who are accustomed to using their own phone to access company email are, by force of habit, going to be less likely to be cautious about opening phishing emails or files that could contain malware. If an employee isn’t in the habit of carefully checking out emails before they open them for their personal email on their device, they aren’t suddenly going to become careful about company email they open on the same device. Employees are likely to be more careful with a company-owned device, in part because they don’t want to be blamed for putting the company at risk.
Remote Wiping of Personal Devices
If a device is stolen, there is an extremely high probability that sensitive data will be on that device. One solution that many IT departments depend on for dealing with device theft or breach is a remote wipe. While this is an excellent idea for devices that belong to the company, employees will not like the threat of having their personal device remotely wiped without warning. The loss of personal information such as contacts, pictures, and messages could not only anger the employee involved but lead to potential lawsuits.
Too Much Reliance on Non-IT Employees
When employees are allowed to use their own devices, there is a major shift in responsibility. In most cases, it is simply not possible for IT to ensure that every employee device has the right security measures in place and that they are updated on a regular basis. When employees fail to do this and a breach happens, IT will most likely receive the blame. IT should not be held accountable for risks they cannot reasonably control. Company devices in the hands of those who truly understand cyber dangers are safer as long as they have access to the tools needed to minimize cyber risks.
In 2016, researchers discovered that 56% of respondents felt that BYOD was one of the biggest threats to endpoint security for their organization. Another study indicated that 20% of organizations had experienced a breach related to BYOD, which doesn’t bode well for its continued use. One of the major reasons behind companies moving away from BYOD policies is undoubtedly the threat of ccyber attacks A company may have the most bullet-proof BYOD policy possible, but if it cannot be enforced or if employees can find ways to work around compliance, then those BYOD devices become a major threat.
There are pros and cons to both the BYOD approach and the company-owned device approach. Quite a few companies are easing off on their BYOD policies, implementing partial BYOD or eliminating it completely. Reasons behind this change include:
- Employee productivity issues
- Employee bad habits
- Physical theft of devices
- Reliance on non-IT personnel to avoid security threats
- Increases in cyber threats as more employee-owned devices are put into use
Add all of these issues to the fact that employees may be annoyed at having to supply their own equipment for work and it is easy to see why many organizations have realized that BYOD is not a good fit for them. Whether the widespread implementation of BYOD continues to grow as predicted remains to be seen.