Why BYOD culture poses a major risk to enterprises
By Max BurkhalterApril 13, 2020
The business world has always been propelled forward by new technologies and innovative IT practices, but a recent trend in workplace culture may threaten the security of modern enterprises.
Bring-your-own-device (BYOD) policies encourage employees to use their personal computing devices - smartphones, laptops, tablets, etc. - to complete their work or access data remotely, according to IBM. While this practice may provide more flexibility and convenience for users, it also comes with a variety of inherent risks that organizations must carefully consider.
A brief overview of BYOD
The BYOD concept first rose to prominence in the late 2000s, when personal computers and mobile devices started making their way into corporate offices naturally. At first, employers were skeptical about allowing workers to connect their devices to corporate networks. But over time, many businesses realized that BYOD policies could help them cut costs and operate more efficiently. As noted by a 2019 article from Forbes, encouraging employees to use their personal devices at work comes with several tangible benefits:
- Reduced IT costs: BYOD policies can help companies lower their IT expenses by replacing on-premises workstations with employees' personal computers. This is particularly valuable for smaller businesses that might not have room in their IT budgets to purchase new hardware or upgrade their existing infrastructure. According to research from Cisco, organizations that favor BYOD culture save $350 per employee, per year on average.
- Enhanced productivity: Allowing employees to use personal devices they're familiar with can also help eliminate operational inefficiencies and common technical issues. For remote workers and those who frequently travel, BYOD policies are an essential part of managing projects and collaborating with in-office peers. One study conducted by Samsung (in partnership with Frost & Sullivan) found that using portable devices for "work tasks" can save an employee 58 minutes per day while increasing their productivity by an average of 34%.
- Improved employee satisfaction: The BYOD trend is largely driven by user preferences and the evolving needs of today's fast-paced business environments. When employees are able to complete tasks quickly and without interruption, they tend to feel more engaged in their work. In fact, a separate Cisco study discovered that workers feel a greater sense of work/life balance when they're allowed to bring their own devices into the office.
Despite these benefits, BYOD policies must be carefully constructed to prevent possible misuse or exploitation of employees' access privileges. Companies must ensure that users are only allowed to connect to data stores and business applications they actually need, and that encryption protocols are in place to safeguard sensitive information. Considering roughly 87% of companies already rely on their employees using personal devices, according to Syntonic, it's crucial for IT administrators to understand the specific risks associated with BYOD culture.
BYOD risk assessment
The primary shortcoming of BYOD policies is that organizations often lack visibility and control over the personal devices connected to their networks. Unlike other cyber threats, the risks associated with BYOD culture are largely user-oriented - employees are solely responsible for device-level security and maintaining the confidentiality of their login credentials. The more devices connected to a corporate network, the more difficult it becomes to monitor user activity.
This lack of oversight has contributed to a growing IT visibility gap in enterprise environments - according to a survey from the cybersecurity firm Axonius, IT professionals believe they are blind to around 40% of end-user devices on their networks. What's more, an estimated 73% of organizations have experienced a major security incident related to their lack of end-user visibility. Overall, companies with these types of visibility gaps suffer 2.3 times more security incidents than those without, making strong BYOD policies essential to their long-term success.
One way to help reduce an organization's level of risk is to integrate mobile device management (MDM) and unified endpoint management (UEM) platforms into existing cybersecurity framework, according to Security Intelligence. Companies should also carefully document their BYOD policies and share relevant information and resources with employees on a regular basis. Examples of key BYOD policies include:
- Ensuring all personally owned devices have power-on passwords and encryption protocols
- Verifying that user passwords meet or exceed existing security requirements
- Encouraging employees to keep their software up to date and perform data backups
When assessing an organization's BYOD-related risks, IT administrators should consider which business apps, file sharing systems and virtual workflows face the greatest risk. This can help locate vulnerabilities users will likely overlook and provide key decision makers with actionable insights for maximizing system, network and device security. Keep in mind, a corporate network is only as strong as its most vulnerable asset, which is why reliable connectivity hardware is so important.
Perle offers industrial-grade networking equipment designed to keep pace with modern innovations in business technology. Our durable Ethernet switches exceed the specifications for commercial switching products and can help organizations maintain visibility over critical IT assets and workflows. To learn more, read through some of our customers' success stories.