Bring your own device or BYOD is a business/IT practice where employees use their personal devices to access work systems and data. BYOD is a hotly contested concept in the IT-sphere due to the inherent security risk it poses. However, many companies choose to use it due to the increase in productivity that it can provide. So the question is, what benefits can BYOD provide, and what risks does it pose?
The primary benefit proponents of BYOD will bring up is that it increases employee productivity. Additional claims include that BYOD can boost employee morale, help attract new hires, and makes the company look flexible and accommodating. However, there is some skepticism as to whether BYOD actually provides any of these benefits. Some more regularly observable benefits include saving the company money due to the lack of need to purchase hardware and increasing convenience for the employees since they can access data from anywhere with their own devices.
The downsides of BYOD primarily revolve around the security threat that it poses. Allowing employees to use personal devices for work generally comes with the caveat of not monitoring and managing those devices. This could mean that if a device gets infected with malware, it may go undetected for much longer than on a company-owned device. Personal devices are often less secure than work devices since, generally, an IT department manages work devices to ensure they have proper security software and promptly install any updates. Additionally, if an employee's device gets lost or replaced with sensitive data still on it, that data could be read by anyone who gets their hands on the device. Many personal devices are also shared amongst family members, which could potentially lead to an incident such as a child accidentally distributing sensitive data without realizing it. One final issue that BYOD can create is if employees use their personal phones for client calls. If the client gets used to calling that phone number, and then the employee whom that number belongs to leaves the company, this can create confusion and annoyance for all parties.
If an organization does decide to implement BYOD, then it is vital that they take steps to mitigate the risks that it creates. The primary way to do this is by establishing a BYOD policy to define what is and is not allowed for the devices employees use to access sensitive data. Another method an organization can take is a hybrid approach between BYOD and traditional corporate-owned hardware. An organization could choose to provide hardware to its employees and still allow them to be used as personal devices. This method enables the organization to gain the productivity benefits of BYOD and retain the ability to manage the devices connecting to their network. Of course, this does come at the cost of having to purchase the hardware still.
The rise of smartphones and tablets has lead to some introducing BYOD for their businesses, but it has not obtained widespread adoption in the US. As with any business system, whether BYOD is appropriate for you will depend on your circumstances. The primary question to ask with BYOD is, could the potential boost to productivity be worth the security risk that BYOD presents?
The answer differs from company to company, but instilling a proper cybersecurity culture will almost certainly help.
We highly recommend you get our Cybersecurity Essentials for Business Owners to understand the state of cybersecurity in today's climate.
Remember: Do Your Part. #BeCyberSmart.