In the field of security, it is well known that there is always a weak link which is often the end user. For a long time, it has been portrayed in cybersecurity by an innocent hand that plugs an external USB drive to a computer connected to sensitive data. This time is far behind us. Nowadays, the consumerisation of ICT products has pushed employees to use their personal devices in a professional environment. The BYOD trend is now a reality that could be a threat as well as a benefit depending on how it is managed.
But what is BYOD exactly? This acronym is used for Bring Your Own Device and means that employees of a company are given permission to work, and thus access their company’s data, with their own computers, tablets, or mobile phones. This trend has been normalised in recent years due to the decline in the price of technology devices, their increased capacity, and their adoption by a growing segment of the population. Also, employers and employees find their interest despite obvious risks in terms of safety.
Fifty-nine percent of companies allow their employees to use their own electronic devices at work. This figure rises to 71% for small businesses according to a TechPro study.
The direct benefits of BYOD rely on the gain of flexibility and productivity for employees and economic advantages for SMEs, with private devices being more efficient than those provided by the IT department. Considering that employees are often more attentive to their personal data, the use of the same device in their private and professional life is an incentive to become more involved in the application of cybersecurity best practices.
To take advantage of BYOD while avoiding the associated threats, it is important to have a clear vision on the next points:
Encrypting all data is the best way to ensure that most information stays safe, even if the device is stolen or if someone penetrates the company’s network.
This technology can be directly implemented in the device by the manufacturer or can be purchased from a private company that also provides customer service and regular updates.
The most important factor in any cybersecurity strategies is always a human being.
Although best practices and rules are written in golden letters, if employees do not feel concerned, they will not be applied. Ludivine Martin, a researcher of the LISER, Luxembourg, and the CREM, France, has shown that the use of innovative work practices is an important incentive for the employee’s motivation. It is, therefore, imperative to make it clear to all employees that the use of private devices in a business environment is an advantage associated with specific responsibilities on both sides.
The BYOD is a growing trend that has already been addressed by CASES through an article released in 2014. Since this publication, the benefits and threats have changed slightly due to the consumption of ICT by individuals and the industry. However, once a clear strategy has been developed by the IT department with the support of the company’s management, employee adoption of rules and best practices is not too complicated. Then, BYOD becomes an opportunity to engage everyone in a more optimistic perspective of cybersecurity and a way to raise standards.
‘The most important point with BYOD is to consider the overall situation to anticipate any incidents that may occur. Here are some tips for doing this: