How to allow ‘Bring your own device’ at work – without compromising security.

laptop

The proliferation of smartphones and tablets in the consumer market has fueled the rising trend of businesses embracing ‘Bring Your Own Device’ (BYOD) in the workplace. At the same time, it can create a significant cybersecurity risk for businesses that aren’t adequately prepared.

In a survey we conducted among 2,000 UK employees about their cybersecurity behaviors and experiences, we found that one in five have been directly involved in a security breach or loss of sensitive data. The results also show that 91% of the employees who have been involved in a security incident use personal devices to access sensitive systems and data while at work.

An instinctive response from many business owners to reduce the risk would be to prohibit the use of personal devices entirely. However, a third (34%) of the employees surveyed said that the ability to BYOD is a principal consideration when choosing a job.

So, rather than swimming against the tide of employee expectations, it makes sense for employers to find a way to make BYOD work. They can capitalize on the benefits it offers, such as increased productivity and greater employee satisfaction while implementing cybersecurity policies and encouraging the right behaviors to mitigate the risks involved.

Not only did the Covid-19 pandemic accelerate the work-from-home culture, but in many cases it made it necessary for employees to access company networks from their personal devices. Therefore, for organizations who do not have a formal BYOD policy yet, there has never been a better time to implement one – and here are my five key tips.

1. Get stakeholder buy-in

Jumping straightaway to policy creation is often met with resistance. The first step, therefore, is to gain both stakeholder and employee buy-in.

Senior business leaders need assurances that the benefits of BYOD outweigh the possible security risks and require proof of a concrete plan and support for the implementation of a BYOD policy. IT leaders in particular need to be aware of and agree on the level of resource and support that will be committed to BYOD security. Stakeholders can provide diverse perspectives from various departments and interests within the organization. Functions like HR, Finance, IT operations, and the security team should form part of a BYOD project management team to contribute to policy development.

In addition to these stakeholders, employee input is critical for creating an effective BYOD policy. Creating a policy framework with only the business’ interests at heart may result in backlash. Equally, excessively restrictive policies or failing to offer support for the right devices will possibly lead to lower employee engagement and productivity.

2. Develop a clear policy for BYOD

In our research survey, 42% of respondents indicated that their organization does not enforce a security policy to control how personal devices can interact with sensitive information. Yet, this is perhaps the most critical aspect of managing BYOD security challenges. Security policies can be rather complex and detailed, so it’s essential to have a simplified version that’s easy to communicate to employees. The policy should cover key elements such as whether employees can use their personal devices at work or use them for work. The most substantial security risks are associated with the latter.

Although due diligence is necessary in all cases, the policy should also clarify the permitted device types and mandated cybersecurity tools to use in tandem with the devices. The same applies to business applications – include a clear list of approved programs and forbid the use of unapproved programs. Furthermore, it’s important to specify the extent to which employees can request IT support for personal devices.

3. Improve employee cybersecurity awareness

Our survey revealed that nearly a quarter (24%) of employees lack confidence in recognizing cybersecurity threats at work. And since human error is one of the biggest BYOD risks, regular mandatory cybersecurity awareness training must be at the heart of any security policy. This will help employees recognize common threats such as phishing emails and suspicious links. Knowledge of these threats is critical in a constantly evolving landscape.

Awareness must also become part of the working culture. Share best practices on the security elements employees are constantly exposed to, like password protection and usage. Make cybersecurity training part of the onboarding process for new employees, including how to use any necessary tools.

4. Ensure access to critical cybersecurity tools

Our research exposed a startling lack of ready access to critical cyber security tools. Only around half (or less) of employees have access to crucial tools such as multi-factor authentication (45%), web filtering (47%), laptop encryption software (50%), and virtual private networks (52%).

It’s no good simply making these tools available since not everyone is naturally tech-savvy. The business needs to implement a strategy to ensure employees actually adopt and use them. They’re no longer the exclusive domain of IT security specialists. All employees must be well-educated in how to correctly use cybersecurity tools if the organization wishes to steer clear of risk.

5. Monitor and review regularly

Although this point may seem obvious, it’s one of the most important. Remember that most cybersecurity processes are not based on a ‘set it and forget it’ approach. Businesses need to constantly track their effectiveness and make regular updates and improvements – especially as the cybercriminals never stand still.

The rise of loyalty apps

Sue Azari • 17th January 2025

Increased choice and a consumer more price sensitive than ever before, has made customers far more likely to shop around for the best deals. Price is now the number one factor in brand consideration. In an effort to bag a bargain, loyalty programs have become increasingly popular with consumers, with nine out of ten in...

Rocket launch challenges Elon Musk’s space dominance

Professor Sultan Mahmud • 16th January 2025

Amazon founder Jeff Bezos’s space company has blasted its first rocket into orbit in a bid to challenge the dominance of Elon Musk’s SpaceX. The New Glenn rocket launched from Cape Canaveral Space Force Station in Florida at 02:02 local time (07:02 GMT). It firmly pits the world’s two richest men against each other in...

Giesecke+Devrient launches new Smart Label at CES 2025

Giesecke Devrient • 06th January 2025

G+D has today launched the G+D Smart Label, its innovative tracking solution that transforms any package into an IoT device. Ultra-thin and only slightly larger than a credit card, the new Smart Label proposition has been jointly developed by G+D in conjunction with its hardware partner, Sensos to enable cost-effective, accurate location tracking for a...

Choose an AI solution to transform beyond technology

Kit Cox • 09th December 2024

The first step is knowing exactly what your business wants to achieve with AI; think faster, smarter and more efficient. Once you know what you are working towards, you can start looking for a solution that can help you make it a reality. AI integration can feel like a daunting task at the beginning, so...

A Roadmap to Security and Privacy Compliance

John Lynch Director of Kiteworks • 04th December 2024

Only by understanding the current regulatory environment and implementing robust data protection measures, can organisations enhance their security posture, ensure compliance, and build resilience against the latest cyber threats. This article provides a comprehensive roadmap of how to do it.

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...