In recent years, using personal devices in working environments has become commonplace. But as employees inevitably hop between corporate tools and personal applications on their own devices, their actions introduce a number of possible risks that should be managed and mitigated with careful consideration.
This article will outline of some of the most significant risks associated with allowing the use of personal devices on company networks, so MSPs can take them into consideration when implementing these policies for themselves and their customers.
The rise of BYOD
It’s important to acknowledge how widespread BYOD practices have become in the workplace. Here are a few notable statistics about the increasing popularity of the trend and its growing market:
- According to a recent report, the global bring-your-own-device security market accounted for $68.810 billion in 2019 and is expected to reach $252.290 billion by 2026.
- 61% of Generation Y workers and 50% of workers over the age of 30 believe their personal tech tools are more productive and effective than the ones they use in working environments. Similarly, 60% of workers use a smartphone for work, while 31% of workers want to use one.
- A Cisco study noted that companies leveraging these practices benefited from an average of $350 in savings for every employee, each year.
- Companies allowing employees to use their personal technology tend to save a significant amount of time, with portable devices saving employees an average of 58 minutes each day and improving productivity by 34%.
BYOD practices certainly have some potential benefits, but they also can carry with them legal, cultural, and practical challenges.
What this means For MSPs
The new trend means the role and responsibilities of MSPs are more complex because they often have to manage numerous customer networks and employee-owned devices, as well as juggle different policies for multiple clients.
Fortunately, there are tools available that can help MSPs address the challenges associated with supporting employee-owned devices. Dedicated tools can help businesses achieve greater control over best practices, affording employees and companies access to the benefits of BYOD while mitigating the disadvantages.
Top BYOD risks
If your business does decide to allow employees use of their personal mobile devices for work purposes, you should be aware of the following risks:
1. Data theft
If you let your employees use their own devices unchecked, it’s likely that some of the personal applications they use may not be as stringent with their security requirements. If an account they have for personal use is hacked, it could ultimately end up exposing corporate data and confidential information.
Cybercriminals are always looking for opportunities to steal potentially valuable corporate data, and improperly managed personal devices can provide the perfect opportunity. BYOD software can help MSPs significantly reduce the risk of data theft by allowing technicians to gain visibility into managed devices in order to spot suspicious activity or monitor application usage.
Employees use personal devices to download various types of information and files, such as PDFs and applications. If an employee isn’t carefully distinguishing between valuable corporate data and data used for personal purposes, this could compromise security. For example, an employee might download a game to their mobile device that carries a hidden virus or malware. This malware could then be passed onto the company network when the employee next logs in from the infected device. Implementing strict usage policies can help mitigate the risk of malware infiltrating corporate systems.
3. Legal problems
The reputation of a business, particularly an MSP, can be irreparably damaged in the event of a security breach. Customers expect MSPs to protect their devices—so if an employee-owned device results in a leak or breach of corporate data, this could have serious ramifications, including the possibility of litigation.
Defending against legal challenges can be extremely costly and may even bankrupt smaller organizations. This is why MSPs need to be proactive about precautions when it comes to establishing BYOD practices for their clients. Furthermore, we highly recommend you work closely with legal counsel on developing any documents around bring your own device policies.
4. Lost or stolen devices
If an employee’s device is stolen or goes missing, the best-case scenario is that this is an inconvenience. But in the worst-case scenario, you’re dealing with a complete disaster. If the employee wasn’t following corporate security protocols when using their device, loss or theft could cause a major breach. For instance, the employee might be storing their passwords (both personal and corporate) in an unsecured notes application, which would make it easy for someone who acquires the device to hack corporate accounts.
Even if the employee followed policy down to the letter, hacking technology has become so sophisticated in recent years that a robust password or fingerprint authentication requirement may not be sufficient to keep them locked out of the device. Mobile device management (MDM) software can provide a solution to this problem, often allowing companies to remotely wipe the device so hackers don’t have the opportunity to access sensitive data.
5. Improper mobile management
When a staff member leaves an organization, a vulnerability can be created if they continue to have access to company applications from their personal mobile devices. To help ensure an employee can’t continue to access a system or app after they leave the company, it is crucial that companies are able to reset passwords and revoke access as soon as the employee is no longer authorized. If a security breach does occur, a company should also have systems in place to enable them to track down the device responsible.
6. Insufficient employee training
Many security issues and breaches are caused by human mistakes. This usually happens when an employee doesn’t fully understand the corporate policy, particularly when it comes to the importance and details of device security. When training employees in device security, you should consider how best to disseminate information. For example, you might implement quarterly training sessions or have an employee read and sign a document stating they are aware of company policy. Keep in mind that insufficient training will likely result in unnecessary employee errors, which could compromise your company’s security.
7. Shadow IT
Shadow IT involves information technology being managed outside of the company’s IT department without their knowledge or permission, and is a mounting concern in business environments. This happens more than you might think, as 80% of workers admit to using SaaS applications at work without getting approval from IT. When employees bring in consumer-grade technologies and products without the supervision or management of the IT department or their MSP, a number of problems can be created. Any software or hardware an employee introduces without your review or approval introduces a potential risk, whether that’s a USB drive with potential malware on it or an open-source application with low security standards.
Safeguarding your MSP against the risks of BYOD
Despite the associated risks, it doesn’t look like the BYOD trend will go away anytime soon. In fact, whether or not companies implement a policy around the use of personal devices, it is almost inevitable that employees will bring them to work and connect to the corporate network. As such, it is crucial that MSPs and other businesses take steps to proactively reduce their risks. The best way to achieve this is by leveraging all-in-one MSP software with built-in features for managing mobile devices.
N-able™ RMM is a remote monitoring and management tool that combines personal device management with cloud-based antivirus solutions, endpoint detection and response, remote access, and more into a single solution. This tool lets you secure and manage devices, helping you minimize risk with rapid, automated maintenance and setup of your complete mobile fleet. Key features include the ability to remotely lock phones, wipe devices, and reset passwords, all from within the user-friendly RMM console. A 30-day free trial of RMM is available for download.