How a BYOD risk assessment could save your business

We live in a world where we can work anywhere, anytime via smartphones, tablets, and laptops. That gives us the flexibility to enjoy a better work-life balance, but it also comes with risks.

That’s why it’s important to establish boundaries for BYOD (bring your own device) use for your business. 

What are BYOD devices?

Many businesses benefit from a workforce that is increasingly mobile and available through the use of BYOD devices such as user-owned smartphones, tablets, and laptops. Using their BYOD device, employees can check in and complete tasks while away from the office.

It’s a win … until it’s a loss. 

What are the risks?

Almost everyone has lost a device or had one stolen at one time or another.

This is frustrating enough when it’s a purely personal device, but if a BYOD device falls into the wrong hands and doesn’t have a secure password, the implications are even more serious.


If a system-connected device falls into the wrong hands, your company data may become available to a third party. Such data can include the personal details of your clients or sensitive financial business information.

Even more alarming, a device doesn’t even need to be lost or stolen to represent a risk. Cyber criminals can use insecure apps on phones as a gateway to hijack data, and malware and ransomware attacks can occur simply from a user clicking on a dodgy link in an email.

Devices with compromised integrity, such as smartphones that have been jailbroken by their owners, are particularly at risk.

You may have cyber security in place for your workplace devices, but if a private user becomes vulnerable to an attack and their device is connected to your network, your network is now vulnerable, too.

Having your own network’s security and malware detection in place is a good first step, but it isn’t enough to make sure your data is secure if BYOD is part of your culture.

You need a robust BYOD security policy to limit the impact of such events.

BYOD best practice

A variety of solutions enable safer BYOD practice, including virtual environments, stronger encryption, or authentication programs. 

The best first step is to take time to assess the risks your business faces through user-owned device use. The Think Concepts team can help you troubleshoot with a specialised security strategy.

Your robust BYOD policy should:

  • Have a sound registration and provisioning process for employee-owned devices before allowing any access to business resources

  • Employ a mechanism for assessing the integrity of a device, especially for detecting whether the device has been compromised at the platform level (e.g., jailbroken), which would defeat security protections provided by the platform manufacturers

  • Have the capability to isolate and protect business applications and data from the rest of the device environment

  • Have the ability to know who accesses business data and services, and when, what, where, and how they are accessed

  • Have an action plan for a lost device, such as remotely wiping sensitive information or having software to locate the lost device

If you have any questions or would like advice on your BYOD policy, get in touch with the Think Concepts team today.

