In the field of security, it is well known that there is always a weak link that is often the end user. For a long time, it has been portrayed in cybersecurity by an innocent hand that plugs an external USB drive to a computer connected to sensitive data. This time is far behind us. Nowadays the consumerization of ICT products has pushed employees to use their personal devices in professional environment. The BYOD trend is now a reality that could be a threat as well as a benefit depending on how it is managed.
But what is BYOD exactly? This acronym is used for Bring Your Own Device and means that employees of a company are given permission to work, and thus access their company’s data, with their own computers, tablets or cell phones. This trend has been normalized in recent years due to the decline in the price of technology devices, their increased capacity and their adoption by a growing segment of the population. In addition, employers and employees find their interest despite obvious risks in terms of safety.
59% of companies allow their employees to use their own electronic devices at work. This figure rises to 71% for small businesses according to a TechPro study.
The direct benefits of BYOD rely in the gain of flexibility and productivity for employees and an economic advantage for SMEs, with private devices being more efficient than those provided by the IT department. Considering that employees are often more attentive to their personal data, the use of the same device in their private and professional life is an incentive to become more involved in the application of cybersecurity best practices.
To take advantage of BYOD while avoiding the associated threats it is important to have a clear vision on the next points:
Encrypting all data is the best way to ensure that most information stays safe, even if the device is stolen or if someone penetrates the company’s network
This technology can be directly implemented in the device by the manufacturer or can be purchased from a private company that also provides customer service and regular updates.
The most important factor in any cybersecurity strategy is always the human being.
Although best practices and rules are written in golden letters, if employees do not feel concerned, they will not be applied. Ludivine Martin, a researcher of the LISER, Luxembourg, and the CREM, France, has shown that the use of innovative work practices is an important incentive for the employee’s motivation. It is therefore imperative to make it clear to all employees that the use of private devices in a business environment is an advantage associated with specific responsibilities on both sides.
The BYOD is a growing trend that has already been addressed by CASES through an article released in 201X. Since this publication, the benefits and threats have changed slightly due to the consumption of ICT by individuals and the industry. However, once a clear strategy has been developed by the IT department with the support of the company management, employee adoption of rules and best practices is not too complicated. Then, BYOD becomes an opportunity to engage everyone in a more optimistic perspective of cybersecurity and a way to raise standards.
“The most important point with BYOD is to consider the overall situation to anticipate any incidents that may occur. Here are some tips for doing this: