Staff bringing their own technology to work has become the norm. But is it a good thing or a bad thing for companies, and what are the risks?
Bring your own device (BYOD), the practice of allowing employees to use their own smartphones, tablets or laptops for work, has become unstoppable. A recent poll in the US claimed that 80% of employees use a personal device for work-related activities. The figure in the UK is likely to be similar, if not greater. It is not limited to businesses either. BYOD is being adopted by charities, universities and even hospitals.
And BYOD is only going to increase. The growth of wearable tech and the Internet of Things (IoT) means we are becoming more wedded to technology by the day.
Benefits of BYOD to Employers
BYOD has several benefits for employers. A survey by Cisco reports that the average BYOD user across six leading countries saves 37 minutes a week thanks to using his or her own device. In the US this is as high as 81 minutes (no figures are available for the UK).
A big plus for companies is that employees are able to react to client problems in real time (even if they are at home with their feet up) and liaise quickly with team members to resolve issues. One survey claims that the average BYOD employee works an extra two hours and sends 20 more emails per day. Employees have greater flexibility about where, when and how they work and are using this to work harder.
There is also a large cost benefit for employers. First of all, they are saving on hardware (not to be sniffed at when you consider that the cheapest iPhone 7 is £599). Second, they don’t have to pay for training in how to use the equipment. And third, most phone or data costs are covered by employees’ own plans.
Security Risks for Employers
BYOD brings big security risks for employers, though. Here are 4 of them:
1. Breach of the Data Protection Act
The Data Protection Act imposes serious obligations on “data controllers”. One of these to take security measures to prevent the unlawful processing of personal data. Failure to do so carries a fine of up to, wait for it, £500,000. The least a company should do is have a BYOD policy in place setting out for staff how personal data is dealt with on their devices.
2. Lost or Stolen Devices
This is such a huge potential security hole it is a wonder BYOD ever took off in the first place. Research by IMB Security into one million BYOD devices states that nearly 80% of companies put in place only the most basic pin codes to protect the data on their staff’s phones. The potential for hackers to gain access to sensitive company information is enough to give IT managers sleepless nights.
3. Data Hacks
One of the beauties of BYOD is the flexibility it offers. You can log onto Wi-Fi wherever you are and catch up with work on the fly.
The problem with most Wi-Fi hotspots is that they are not secure. A study by HP has revealed that 75% of employee’s devices lacked proper data encryption and 97% had privacy issues.
Without these, your company’s data is at risk. It is surprisingly simple to steal someone’s username and password, and even see what they are doing by having access to the same network.
4. App Attacks
One of the reasons BYOD has taken off is that people love having their email and apps on one device. The problem is that apps can easily contain malicious malware that puts your data at risk. This is such an issue that many IT managers consider it the number one mobile security issue.
There is no doubt that BYOD is here to stay. But for the benefits to outweigh the risks, employers need to put robust security provisions in place. Failure to do so could prove costly.