The concept of bring your own device (BYOD) has been around for years, but since the shift to more remote and hybrid working around the world, its popularity has reached bold new heights.
For many businesses without established remote working policies in place, BYOD was the only way they could stay operational during multiple national lockdowns and restrictions on movement over the past 18 months.
When done correctly, the benefits of BYOD can be plentiful, helping businesses to achieve much needed digital transformation success at a critical time. However, it also raises several security issues, which, if not dealt with properly, can quickly leave networks and data vulnerable to the growing number of cyber threats out there.
The rise and rise of BYOD
BYOD started as a cost-saving measure for businesses that didn't want to continue paying for IT refreshes all the time, but fast forward to today, and very few digital transformation initiatives can be successfully achieved without it at their core.
In fact, 70 per cent of businesses now enable BYOD for employees, with 62 per cent also doing so for their extended employees, which includes contractors, partners, and suppliers. A further 18 per cent even enable BYOD for their customers.
Why is this? Because it didn't take long for businesses to realise that BYOD offers numerous advantages beyond just cost savings on IT. In the same Cybersecurity Insiders study, 68 per cent of respondents said BYOD improved employee productivity, with 53 per cent saying it also led to better employee satisfaction.
Of course, the pandemic has also played a major role in accelerating BYOD adoption, with 47 per cent of those surveyed reporting that their programmes have increased significantly over the last 18 months.
However, one lingering issue that continues to hold BYOD adoption back for some organisations is security. This is because IT controlled everything in a traditional on-premises network environment, from network access and user ID to endpoints and data location.
However, in a ‘new normal' BYOD remote environment, users control devices, operating systems and apps, data is everywhere, and IT doesn't even own the infrastructure anymore. Understandably, this makes many of them quite nervous!
Solving this conundrum requires a combination of three key factors: visibility, control, and trust:
#1 Use technology to boost data visibility without impacting user privacy
A top concern for many IT teams is the lack of data visibility on personal employee devices being used in BYOD programs. In the past, this would be solved by deploying agent-based security tools like mobile device management on company-owned devices.
However, employees using personal devices as part of a BYOD program often resist this kind of approach, not only because it's considered an invasion of privacy but also because it can impact device performance and functionality.
Conversely, agentless security tools that utilise cloud technology require no installation but still give security teams the control they need to monitor, track and even wipe sensitive data if/when necessary.
Furthermore, because agentless security tools only monitor company data on the device, employees can be confident that their personal data and activity remains completely private. Leading agentless security solutions even include cloud-based DLP as part of their offering, meaning businesses can cover multiple bases in one go.
#2 Optimise control with application whitelisting
From a control perspective, the use of application whitelisting can give IT teams greater security against malware and other malicious software without it becoming all-consuming in the way that blacklisting can. With new apps being released every day, maintaining an up-to-date blacklist can easily be a full-time job for multiple team members. Conversely, whitelisting allows teams to focus their efforts on apps that can be trusted in a BYOD environment, with everything else blocked by default.
#3 Improve trust and user awareness with regular security training
While technology can be a powerful way to improve security posture in a BYOD environment, one of the most effective tools is far simpler. Regular security training helps to minimise the threat of data theft or loss by promoting secure business practices and keeping employees vigilant to the most common security threats, such as phishing emails and other social engineering tactics typically used by cybercriminals.
The popularity and prevalence of BYOD programs continues to grow amongst businesses looking to achieve effective digital transformation. However, lingering security issues are still preventing some from fully embracing it.
Fortunately, many of the biggest concerns can be easily addressed through a combination of technology, smart security practice and regular employee training, leaving businesses of all shapes and sizes to enjoy the many benefits BYOD has to offer.