How to Protect Your Organization from BYOD-Enabled Cybersecurity Threats

In 2012, a doctor at the Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates, Inc (collectively known as MEEI)

lost his personal laptop that contained sensitive data – patients’ medical records, to be precise. This incident jeopardized the safety of the data, which, in turn, violated the HIPAA. MEEI was fined $1.5 million as a result.

Incidents like this highlight the risks of the growing BYOD (Bring Your Own Device) trend. However, with a strict, well-rounded policy and protections in place, the risks can be mitigated and BYOD practices can become an asset to your organization, reducing operational costs, increasing productivity and mobility, and accommodating employees’ needs and preferences.

BYOD defined

Bring Your Own Device means employees can utilize their personal devices – e.g., smartphones, laptops, tablets, etc. – for work purposes. This practice has been gaining popularity and momentum among employees/organizations for years. It is part of a larger trend – BYOT (Bring Your Own Technology). As technology becomes more available and personalized, consumers increasingly expect to experience the same level of seamless interaction with technologies at work.

The rise in BYOD is driven partly by employees wanting to be self-sufficient and use their own devices with which they are comfortable. For businesses, in the meantime, it’s an opportunity to save money on tech that their employees already have access to. While it is convenient and can be a great asset, it does put a strain on IT when it comes to making sure all these devices are secure. As the MEEI example shows, there is a costly downside to BYOD practices if they are not properly regulated, if employees are not aware of policies, or if policies are not strictly enforced.

BYOD on the rise

• 59% of organizations use BYOD in 2021, and 13% have plans to implement it. It is safe to say that BYOD practices are only going to become more prevalent as tech becomes more accessible and working remotely more commonplace.
• 77% of American adults already own a smartphone. On top of companies being inclined to save money by not purchasing extra tech for their employees, people are generally more careful with their own devices because if they break or lose them it falls to them to source a replacement.

• 85% of mobile apps have little to no protection, meaning cybercriminals can target these unprotected mobile apps to continuously harvest data from mobile consumers and mobile businesses.
• 39% of IT thieves in the office are employees. Having the ability to wipe a device used for work remotely is imperative because you can never be too careful with data.

How to protect your network assets in the age of BYOD

Implementing BYOD practices might seem like an automatic win-win for employees and employers alike, but, unless your organization incorporates strict BYOD policies into its larger cybersecurity strategy, you risk falling victim to cybercrime.

That’s why the steps below should be the bare minimum that your organization takes to safely integrate BYOD practices.

1. First things first: You need to develop a bulletproof BYOD policy that will regulate the management of devices not provided by your organization. To create this policy, IT teams must first assess the risks and then find scalable solutions to each. Once the policy is created, it can be put into action in three stages: securing device management, establishing mobile apps, and initiating mobile collaboration.

1. Make sure that remote employees use multi-factor authentication when accessing data from their personal devices.
2. Find an effective VPN service and train your employees to use it any time they are accessing organizational data remotely. The VPN will hide the device’s activities from potential cyber thieves.
3. Identify and implement an MDM (Mobile Device Management) tool that is suitable for your organization’s needs. This will give your IT team the ability to centrally manage, monitor, and secure all personal devices that have access to your organization’s network.

1. Train your employees. Make sure they are fully aware of the policies in place and, since technology is evolving at a rapid pace, keep them updated on any changes to policies and best practices
2. Finally, have a policy in place for employees leaving your organization and set up an automatic process of revoking network access and remotely wiping leaving employees’ personal phones of sensitive or restricted data, and other assets.

It is important to realize that BYOD practices are likely happening in your organization, whether you are aware of it or not. In today’s world, trying to keep all the tech in-house and internally regulated will likely be detrimental rather than innovative. Creating policies and training employees to appropriately use their devices for work is the most effective use of technology.