Pinterest Stumbleupon Whatsapp
Advertisement

The days of spending 40 hours per week using a 15-year-old computer with a blinking monitor are long gone. Office workers around the world no longer have to endanger their health or their sanity. Most forward-thinking companies are happy for their employees to bring and use their own devices.

But for every winner, there’s a loser. While your eyesight might benefit, you could gravely compromise your safety and security by enrolling on a “Bring Your Own Device” (BYOD) scheme. And the dangers don’t stop for you as an employee 5 Ways Your Security Is at Risk in the Office 5 Ways Your Security Is at Risk in the Office You assume your corporate IT colleagues are skilled enough to keep your data safe. But what if they're not? And what other threats face your privacy and security in the workplace? Read More — your company could be putting itself at risk as well.

What are the security pitfalls of BYOD? In this article, I’m going to discuss why the idea of BYOD is gaining traction, then explain what problems could arise.

What Is BYOD?

BYOD is a catch-all term for a company policy that allows employees to use their own devices to access company data, email, infrastructure, and networks.

The devices can be everything from smartphones and tablets to laptops and projectors. Typically, it refers to any employee-owned device with an internet connection that is connected to a company’s internal network.

Advertisement

The term entered general use in 2009 thanks to Intel, and since then the policy has exploded. The vast majority of the world’s largest companies now offer some form of BYOD, as do thousands of SMEs.

Data suggests uptake of BYOD has been most prevalent in the Middle East where more than 80 percent of the office workers now have access to the policy. Brazil, Russia, India, UAE, and Malaysia are the world’s five leading countries — all boast rates of more than 75 percent. In North America, the rate stands at about 44 percent.

Why Do Companies Like It?

Companies have been quick to adopt BYOD for two key reasons: cost-cutting and productivity.

Cost-wise, companies are be able to save money on hardware, software, and device maintenance 8 PC Maintenance Mistakes That Kill Your Hardware Lifespan 8 PC Maintenance Mistakes That Kill Your Hardware Lifespan PC maintenance isn't rocket science, but you could be making a handful of mistakes that are actually harming your hardware. Read More . Theoretically, it eases the strain on IT departments that already struggle to keep up with the rapidly changing pace of technology.

From a productivity standpoint, repeated research has shown employees who have access to BYOD policies are happier, more comfortable, and typically work faster.

But everything isn’t rosy. There are potentially some serious security pitfalls both employees and companies need to consider.

Security Pitfalls for Employees

Companies frequently use remote mobile device management software to manage BYOD schemes, but the software is more intrusive then employees might believe. Here are three things you should watch out for.

1. Data Collection

How much data would you be willing to share with your company? For example, would you be happy if your boss knew your entire browsing history? Would you be eager to share your location with your IT department?

The answer to these questions is probably “No,” but according to a report by Bitglass, you might be exposing yourself to these profound invasions of privacy.

“The intent of mobile device management solutions is not to spy on employees but to monitor for things like malware and general security.

But these tools do a lot more. That includes seeing where the phone is located, what apps are on the phone, and even what websites the user was accessing. We could see that some of our employees search for health information on the web.”

— Salim Hafid, Product Manager at Bitglass

Ask yourself this question: do you know what data your company holds about you? Under both U.S. and U.K. law, you have a legal right to see it all. Go and ask your HR department. The results might surprise you.

2. Intercept Personal Communications

While you might not be thrilled at the idea, most of us accept our employers have a right to access and monitor our company email accounts. But what about personal email accounts? Or messages sent via Facebook Messenger Facebook Messenger Privacy: Everything You Need to Know Facebook Messenger Privacy: Everything You Need to Know Are you concerned about Facebook Messenger privacy? Should you be? We take a look at the app permissions and the case for protecting your messages with another app. Read More ? That’s a different matter entirely.

And yet, researchers at Bitglass were able to see all these communications using remote device management software. The report even claimed passwords and bank details were visible.

Of course, companies probably aren’t collecting this data as a matter of course (unless you gave them permission to in the small print of your contract). However, the potential risk should set alarm bells ringing. Would you trust every member of your company’s IT department not to snoop on you? Do you have faith in your business’s security systems ability to prevent hackers from gaining access to the data?

3. Loss of Personal Data

Almost all mainstream remote device management software that companies use can remotely wipe data from a device.

Companies need these safeguards in case you leave the organization. Your employer has to be able to delete sensitive data on managed apps and any database content you might have on your device.

But the device management software doesn’t just have the ability to wipe company-managed apps. It can also delete entire apps and even wipe the whole phone.

stressed man
Image Credit: pathdoc via Shutterstock

As an employee, this means your data is permanently vulnerable to the whims of your company. If you’ve signed a BYOD contract, even something as innocent as accidentally downloading a company file to a non-managed app could give your employers reason to wipe your phone.

Bottom line: Your photos, music, files, and messages are all at risk of being deleted without your consent.

Security Pitfalls for Companies

While most employee risks are mostly privacy-based, the employer risks mainly revolve around security. Here are the three top ways companies are at risk from their BYOD policies.

1. Lost Devices

A company can spend thousands of dollars on the latest security software, but can’t do anything to prevent simple user error.

People lose things 2 Easy Ways to Recover a Lost or Stolen Android Phone 2 Easy Ways to Recover a Lost or Stolen Android Phone These methods can help you find your lost or stolen Android phone or tablet. Read More , and things get stolen. And if the lost device happens to contain highly sensitive information, it can be devastating for the company in question. Indeed, data suggests more than 60 percent of all enterprise network breaches are due to stolen devices.

A company will argue this is why it needs remote mobile device management software on BYOD gadgets, but employees are likely to push back for reasons I’ve already discussed.

The problem can lead to a stalemate in which neither the employer or employee are happy with the situation.

2. Unsecured Networks

People are going to use their devices on a wide range of networks. And although your home Wi-Fi might be largely safe from criminals and hackers, the same cannot be said for public Wi-Fi in hotels and airports 7 Secure Strategies to Use Public Wi-Fi Safely on Phones 7 Secure Strategies to Use Public Wi-Fi Safely on Phones Is that public Wi-Fi network you just connected to safe? Before you sip your latte, and read Facebook, consider these simple secure strategies to using public Wi-Fi safely on your phone. Read More .

Such networks are rich hunting grounds for cyber-criminals. Hackers can lurk in wait for a poorly secured device to log on, then wreak havoc as soon as a connection is made.

Again, the data supports the theory. Estimates suggest hackers target as many as 40 percent of all BYOD devices on a public Wi-Fi network within four months of use.

Companies can protect against these problems with robust security profiling, but do non-tech SMEs have the budget, time, or knowledge to take such steps?

3. Software Updates

The disparity between how different companies release updates can cause problems from companies. For example, look at the difference between Apple’s centralized update process and the fragmented Android approach.

Employees will be using a wide variety of devices, and IT departments have no way of forcing them to upgrade to the latest releases. The same thing applies to third-party apps: how can companies be certain that the app’s code isn’t vulnerable?

update button
Image Credit: Markus Mainka via Shutterstock

Sure, companies can prevent employees with out-of-date software from accessing the networks, but then the employee is going to be unable to do their job. It defeats one of the key original tenets of BYOD: improved productivity.

Are You Worried About BYOD?

I’ve shared the three biggest BYOD security concerns from both and employer’s and employee’s viewpoint.

Of course, there are lots of benefits to the policy, but both parties need to be aware of the risks they are exposing themselves to. At the moment, not enough of the stakeholders possess sufficient knowledge.

Are you an office worker with an unsavory BYOD story to share? Have you encountered a BYOD horror show at your SME? As always, you can leave all your thoughts and opinions in the comments below.

Image Credits: Ryan Jorgensen – Jorgo/Shutterstock

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. GESeldon
    June 14, 2017 at 6:38 pm

    This is little more than cheapskate companies trying to fob off costs to employees that should rightfully be the company's responsibility. If the company can on a whim wipe *MY* device, if they can dictate what I can or can't run on it, or do with it, then it is no longer MY device, and therefore I will not be paying for it. If they want a device subject to their own whims and demands, they can darned well pay for it themselves.
    This is why my company is not even allowed to have my cell number, let alone gain any use of it. My devices are mine, theirs are theirs, and the usage of them remains absolutely separate and isolated from each other.

  2. David Martchouk
    June 8, 2017 at 8:41 pm

    Also, when you are at the mercy of a MDM any glitches the MDM has could also wipe away your personal data. From my experience, I have had users calls saying their cellphone suddenly wipe itself, while the phone was in their pocket! This can also on very very rare occassion happen if the cellphone is pressing buttons in their pocket to cause too many password attempts, but could be in some cases our MDM glitched out and decided to wipe out the device. For example, the MDM glitched thinking the device is no longer compliant, or malware detected, and for some reason instead of doing its usual thing the MDM decided to start a remote wipe, automatically, without an IT guy clicking any buttons.

  3. David Martchouk
    June 8, 2017 at 8:36 pm

    I am an IT employee that gives out BYOD instructions for cellphones, and while we normally use a MDM solution for company cellphones, for BYOD we now only use ActiveSync for emails. The amazing thing is, even with our ol' Exchange 2010 server we can easily wipe the entire cellphone. We can wipe any cellphone by only using ActiveSync, even within Outlook Mail app! So yes, if you have BYOD be warry that all your data could very easily be deleted remotely, you can even do it yourself by accident within your Outlook Mail app that you login to.