As more and more employees begin to depend upon personal smart devices in the workplace, companies are struggling to keep up. For many, that means implementing a Bring Your Own Device (BYOD) policy. There are several good reasons for this. For starters, having employees supply their own devices, rather than rely upon company-provided ones, can end up saving a business a substantial amount of money not only in equipment costs, but also in IT expenses and employee productivity. At the same time, most employees prefer the freedom, flexibility, and comfort of working with a familiar device. However, BYOD has a few glaring cons to go along with its pros, perhaps the most threatening of which have to do with BYOD security. Here are three security problems associated with BYOD that you may not have considered.
1. Lost/stolen devices
Here’s a quick fact: Every 3.5 seconds, someone in the United States loses a cell phone. A few years ago, back when cell phones really were nothing more than portable telephones, this wasn’t that big of a problem. However, nowadays cell phones are in actuality miniature supercomputers that contain all sorts of sensitive personal data. Now, consider the implications toward a company or business that supports BYOD. The personal employee device that is also used to access corporate information may disappear just as easily and end up costing the company hundreds of thousands of dollars in compromised data. When one also considers that 37% of employees who use their devices for work don’t bother to activate their device’s auto-lock feature, things become even more discouraging. In many cases, all it takes for a criminal to gain access to a company’s most sensitive secrets is to find or steal a BYOD; no hacking required.
2. Unsecured networks
For many of us, it has become second nature to take advantage of free public Wifi networks when they are available. It makes sense; we’re able to decrease internet load times and take the burden off of our personal data plans for a little while. However, public Wifi is, by it’s very nature, completely unsecured. Any data exchanged over an unsecured network is visible to anyone else who happens to be on the network as well. A recent survey from GFI software concluded that 95.6 of employees use open, public Wifi for work-related activities at least once a week. With so much unprotected information being shared across open networks, some is bound to become compromised. With company-owned devices, at least certain security measures may be implemented, but how can a company have the right to dictate which networks may and may not be accessed on an employee’s personally owned device?
3. Phone number ownership
So, say that a company is somehow able to develop a policy that manages to successfully address the previously mentioned security concerns. An employee joins the company, supplies his own device, and works for the company for several years. However, eventually that employee receives a better offer elsewhere, and he leaves the company and takes his device with him. Now, the company may be able to ensure that any sensitive material that has been contained on the device is removed, but what about the telephone number itself? Technically, if the device is owned by the employee, then so is the telephone number, and it should remain with the employee.
The problem is that there will probably be other parties that continue to associate that number with the company. Old clients, other businesses, and even services may contact that number, only to find an ex employee on the other end. This becomes even more dangerous when when one takes into account the possibility of disgruntled ex employees misrepresenting the company in an attempt to cause damage. Additionally, employees who work as salespersons may use the phone number to take existing clients with them when they leave. This may be the number-one thing standing in the way of widespread BYOD adoption.
Hopefully, future policies will be able to solve some of these lingering security issues because with over half of employees using personal devices for work-related tasks, BYOD isn’t going anywhere.