BYOD is short for ‘bring your own device’. If you check your work emails on your phone, use a personal laptop at work or run business social media from your tablet for example, then you are part of the ‘bring your own device’ movement.

This way of working has a number of benefits for both businesses and their employees. For one thing, it takes the onus off the business to necessarily provide devices for their staff to work on. For employees, it often increases productivity and gives them the flexibility to work from home or on the go. It’s not all sunshine and rainbows though.

The BYOD movement does have a dark side too

The problem with allowing employees to use their own devices is the risks it can pose to your business security. For one thing, it has the potential to open the proverbial floodgates of data leakage. Data leakage is the unauthorised transfer of classified or private information from a device or data centre to the outside world.  

Mobile and tablet devices are often the weakest link when it comes to securing your business from this type of security risk, so as the popularity of BYOD continues to grow, businesses need to make sure they have policies in place to ensure employees know what the boundaries are for using their device for work purposes, and the consequences of breaking these boundaries. Encouraging employees to take the necessary steps to keep their devices as secure as possible is also vital and this ties into another concern of the BYOD movement, the exploitation of vulnerabilities.

The truth is that most hackers are opportunists

They stumble across a security vulnerability in a big business and they take their chance to do some damage. Mobile devices, especially those outside the direct control of your business are a huge security vulnerability. For example, many employees will regularly download apps, music and images onto their device and connect to external Wi-Fi spots. They are also unlikely to have anti-virus software installed on their mobile or have an up to date firewall.

These are all actions that make these devices vulnerable to exploitation. As well as encouraging employees to make sure they do keep their device as secure as possible, going one step further and using a VPN to verify data being transferred from a mobile device to your business network is both encrypted and permitted, is also a good way of preventing viruses spreading and vulnerabilities getting exploited.

All in all, the BYOD movement demands that businesses make changes to their IT infrastructure so that it can cope and comply with employees bringing their own devices to work. Chief Information Officers and IT Directors need to know how their staff are interacting with business data through these devices too, so they can ensure the data is protected appropriately.

The first step we recommend for getting started on this journey is to get your current IT infrastructure thoroughly penetration tested so any vulnerabilities you already have can be resolved quickly and successfully, before moving on to securing your networks for the future. If you think your business could benefit from penetration testing then talk to us.