Many organisations have allowed staff to bring in their own device for use at work – these are Bring Your Own Device policies (BYOD Policy). It’s becoming more common, but what are the bring your own device policy risks?

In this article, when I refer to device, I include phones, tablets, laptops and other mobile devices. When I refer to Bring Your Own Device, I also include CYOD (Choose Your Own Device) and Buy Your Own Device (a more accurate reflection of some policies) – basically any policy that allows personal selection and investment in a device that is used for both work and personal purposes.

There are three main areas of BYOD policy risks; Security, Responsibility and Cost.

Security risks

Probably the biggest concern from businesses is around the security of the data on the device. This could be from the five big security risks;

  • Mobile data security – is the data on the device (and accessible to the device) secure?
  • Mobile device security – is access to the device data and services secure?
  • Data leakage and breach security – will the data on the device get out?
  • Application risks and security – will an app on the device cause a problem with data security?
  • Penetration risks – will an app or setting on the device let in a hacker to the rest of your systems?

 Responsibility risks

Next on the list of BYOD policy risks would be concerns over responsibility;

  • Device provisioning and setup – who ensures that the device is set up correctly (and securely)
  • Application deployment and control – who makes sure that the correct apps are installed, and not other dubious apps that might cause problems?
  • Support – if something goes wrong, who will help out to fix it?
  • Loss and replacement – if the device is lost or stolen, whose responsibility is it to ensure that it is protected/wiped, who provides a replacement to let the employee work?
  • Data backup – who ensures that data is backed up in the event of a loss or theft? What risks does this pose?

Cost risks

It may seem unexpected -as many organisations see a BYOD policy as a way to reduce costs – but other organisations see BYOD policy risks including increased costs.

  • Lost productivity – particularly through lack of training, support or device loss/failure
  • Training – more devices, more operating systems, more apps, new apps – all need training
  • Provisioning and set up – your IT staff previously used images and scripts, and now staff have to do this themselves, or ask IT for support
  • Management and control – there is an additional overhead to controlling the devices
  • New systems and software – you now need more systems to control the plethora of device models and operating systems that are in us – MDM, MAM, distributed backup and anti-virus systems
READ ARTICLE:   Supply chain and 3rd Party risks

Related posts:

The BCP Drill
Remote working - include your colleagues
What is RADIO?
Password tips for ease of use
Share this knowledge