Although bring-your-own-device (BYOD) policies have existed in the workplace for some time, they have never been a more pertinent issue for companies to address than now, given the growing prevalence of unsupervised remote work.
CTOs and IT professionals everywhere should draw up purposeful guidelines and rules that ensure BYOD policies don’t compromise a business’s security infrastructure. Whether it is a smartphone, tablet or a PC, personal devices are inherently more susceptible to malware and are more likely to be used to break into corporate systems. One network security firm reported a sevenfold increase in phishing emails in 2020, as hackers have clearly been trying to take advantage of our increasingly decentralized workplaces that are too often removed from IT oversight.
Even more alarmingly, 30 percent of organizations today don’t protect themselves against malware for BYOD at all. In order to keep their companies secure, businesses need to realize they can take back control over safeguarding their employees’ devices. To protect business data and ultimately enjoy the benefits that a BYOD work style can bring — like overhead cost savings — here are five foundations to consider.
5 Ways to Improve Your Employees’ Device Security
- Establish a bulletproof BYOD policy.
- Pay close attention to offboarding.
- Rely on secure systems.
- Use software to manage mobile devices.
- Separate personal use from business use.
Establish a Bulletproof BYOD Policy
A comprehensive list of BYOD rules can help in case of emergencies like data theft or lost devices. When these policies are introduced in tandem with workshops and inclusive support from the IT department, your team is well on its way to mitigating some of the major risks that come with a BYOD workplace.
In both these written rules and workshops, it is important to explain what users can and can’t do on their personal devices — as well as why those things matter and what to do in case there’s a risk of a breach. After all, a BYOD policy doesn’t do much good if your employees aren’t actively taking steps to follow it at home.
For example, requiring employees to use two-factor authentication when accessing company data is a simple yet effective way to thwart hackers’ efforts. Email, calendar and contact-management tools are the most popular mobile apps enabled on BYOD, so these systems deserve particular attention.
Make sure to clearly outline which software platforms employees can and can’t use for work, as your IT team won’t be able to track any SaaS applications that staff are using independently. This is a persistent problem for most companies, with an estimated four of every five workers saying they consistently use outside software for their work without prior sign-off from their IT department.
A strong security policy for BYOD will also give your company certain rights of access in case remote wiping becomes necessary due to a hack. This should come on top of antivirus software requirements, mandated software updates and data ownership policies.
Pay Close Attention to Offboarding
When employees leave your company, your data could be more vulnerable than ever if you don’t take appropriate steps. This underlines the need for centralized software solutions — like a cloud platform — that can easily grant and prohibit user access while also allowing your IT team to monitor for any irregularities.
Unfortunately, this is a critical aspect that companies often overlook, even though security risks often originate from the inside: 59 percent of employees steal proprietary corporate data when they quit or are fired.
Cutting off access to shared work documents or communications platforms once an employee moves on isn’t the only required offboarding step. Since these ex-employees could have sensitive company materials that were already copied or downloaded to their devices, you need a concrete policy in place that is made clear to individuals in their exit interviews.
For example, what would happen if a former employee sold their phone that still had spreadsheets or client information downloaded onto it? Any offboarding strategy must make clear that company data will be erased from shared software and is expected to be erased from their own device. Your offboarding process should be explicitly stated to that employee ahead of time — before their last day.
Rely on Secure Systems
According to Mike Meikle, a partner at SecureHIM, email is one of the most notorious offenders when it comes to data security. This is because, in a cloud-based service setup, sensitive data is bounced around multiple servers that each store copies, giving potential hackers a multitude of access points. To tackle this dilemma, businesses should look to implement an encrypted email client.
Encrypted email solutions ensure that only the sender and receiver can see the contents of a message and that a third party cannot intercept them. An additional benefit is that your company won’t need extra programs or training to ensure your email platform is secure, letting workers focus on just sending their emails without multiple steps involved.
Old webmail services may be fine for personal use, but generally, it’s worth investing in a business-class service. For example, a subscription to Microsoft Office 365 covers secure email access for your team, and it’s one of the few cloud-based platforms that meet the minimum security standards for usage in the United States.
Use Software to Manage Mobile Devices
Breaches that open the doors to sensitive company data are difficult to fix, which is why lost devices pose one of the most severe security threats for companies that have a BYOD policy in place. Up to 41 percent of business-related breaches are caused by stolen or lost devices.
That’s why mobile device management (MDM) solutions should be considered an invaluable part of your overall BYOD strategy. Apart from allowing remote auditing or updates, this software can remotely erase data from compromised devices before any third party can access it from the inside. Only half of the phones that are lost or stolen are ever retrieved by the device owner, meaning you need a back-up plan in place via MDM.
Any plan for MDM implementation should also be accompanied by proper education and expectations. Because the device owner must opt into giving access to MDM, businesses should ensure that employees enable it as soon as they join the company. Then there should be clear procedures on what happens once a device is misplaced so that the IT team can quickly take all the necessary actions, including a remote device lock, password reset or a complete data wipe.
Separate Personal Use From Business Use
Giving employees the tools needed to establish a barrier between personal and professional uses of their own devices is also vital when keeping your company data safe. As previously mentioned, you don’t want employees using outside software for company purposes, and you need a way to know that all business information is in one spot to keep it safe and wipe it clean in the case of a cyberattack.
To clearly delineate work from personal use, businesses can leverage containerization strategies, which allow them to divide each part of a device into its own protected environment. This makes it easy for the employee to use both, although each has different security policies, applications, and data.
Because it has the power to truly isolate data by keeping the device connected outside your company’s network, containerization is often seen as one of the most proactive approaches to long-term regulatory compliance. In addition, it lets employees keep their own personal files private from their employer’s view, which will put them at even greater ease.
There’s little doubt that BYOD presents both a risk and an opportunity — because when the employee is in control of a device used to access the company’s data, it’s challenging to implement the needed security measures.
However, with a diligent but human framework in place, companies can trust their employees without having to impose an overly controlling and authoritative system.