Top BYOD risks

If your business does decide to allow employees to use their personal mobile devices for work purposes, you should be aware of the following risks:

1. Data theft

If you let your employees use their own devices unchecked, it’s likely that some of the personal applications they use may not be as stringent with their security requirements. If an account they have for personal use is hacked, it could ultimately end up exposing corporate data and confidential information.

Cybercriminals are always looking for opportunities to steal potentially valuable corporate data, and improperly managed personal devices can provide the perfect opportunity. BYOD software can help MSPs significantly reduce the risk of data theft by giving technicians visibility into managed devices so they can spot suspicious activity or monitor application usage.

2. Malware

Employees use personal devices to download various types of information and files, such as PDFs and applications. If an employee isn’t carefully distinguishing between valuable corporate data and data used for personal purposes, this could compromise security. For example, an employee might download a game to their mobile device that carries a hidden virus or malware. This malware could then be passed on to the company network when the employee next logs in from the infected device. Implementing strict usage policies can help mitigate the risk of malware infiltrating corporate systems.

3. Legal problems

The reputation of a business, particularly an MSP, can be irreparably damaged in the event of a security breach. Customers expect MSPs to protect their devices—so if an employee-owned device results in a leak or breach of corporate data, this could have serious ramifications, including the possibility of litigation.

Defending against legal challenges can be extremely costly and may even bankrupt smaller organizations. This is why MSPs need to be proactive about precautions when it comes to establishing BYOD practices for their clients. Furthermore, we highly recommend you work closely with legal counsel when developing any documents around bring-your-own-device policies.

4. Lost or stolen devices

If an employee’s device is stolen or goes missing, the best-case scenario is that this is an inconvenience. But in the worst-case scenario, you’re dealing with a complete disaster. If the employee wasn’t following corporate security protocols when using their device, loss or theft could cause a major breach. For instance, the employee might be storing their passwords (both personal and corporate) in an unsecured notes application, which would make it easy for someone who acquires the device to hack corporate accounts.

Even if the employee followed policy down to the letter, hacking technology has become so sophisticated in recent years that a robust password or fingerprint authentication requirement may not be sufficient to keep a hacker locked out of the device. Mobile device management (MDM) software can provide a solution to this problem, often allowing companies to remotely wipe the device so hackers don’t have the opportunity to access sensitive data.

5. Improper mobile management

When a staff member leaves an organization, a vulnerability can be created if they continue to have access to company applications from their personal mobile devices. To help ensure an employee can’t continue to access a system or app after they leave the company, it is crucial that companies are able to reset passwords and revoke access as soon as the employee is no longer authorized. If a security breach does occur, a company should also have systems in place to enable them to track down the device responsible.

6. Insufficient employee training

Many security issues and breaches are caused by human mistakes. This usually happens when an employee doesn’t fully understand the corporate policy, particularly when it comes to the importance and details of device security. When training employees in device security, you should consider how best to disseminate information. For example, you might implement quarterly training sessions or have an employee read and sign a document stating they are aware of company policy. Keep in mind that insufficient training will likely result in unnecessary employee errors, which could compromise your company’s security.

7. Shadow IT

Shadow IT involves information technology being managed outside of the company’s IT department without its knowledge or permission, and is a mounting concern in business environments. This happens more than you might think, as 80% of workers admit to using SaaS applications at work without getting approval from IT. When employees bring in consumer-grade technologies and products without the supervision or management of the IT department or their MSP, a number of problems can be created. Any software or hardware an employee introduces without your review or approval introduces potential risk, whether that’s a USB drive with potential malware on it or an open-source application with low security standards.