Devin Partida writes about cyber security and technology. She is also the Editor-in-Chief of ReHack.com.
Almost every American carries their smartphone wherever they go. Mobile devices have become an integral part of life for most people, meaning employers should expect that their employees will bring smartphones and other devices to work.
While BYOD in the workplace is nothing new, these personal devices can make a business more vulnerable to cyber attacks. Without the right security policies, personal devices are a risk. Here’s more about cyber security risks around personal devices that should concern employers, especially as employees return to the workplace.
The potential risks of personal devices in the workplace
Mobile devices can be susceptible to attack in ways that laptops or desktop computers are not – especially when those mobile devices are personal devices that employees may not properly secure and IT does not have access to by default.
Employees may inadvertently compromise their personal devices with malware from spam, malicious links, or phishing campaigns (which have become much more common since the beginning of COVID-19).
Social engineering attacks and lost devices may also provide attackers with direct access to an employee’s personal device – and, as a result, any corporate information or business network access their device may have. A compromised personal device may easily lead to a more serious corporate data breach.
Hackers have plenty of reasons for targeting personal mobile devices, even if they don’t know a device has corporate data or network access. Tools like digital wallets, for example, make transactions much easier, but may also hold onto financial information that a cyber criminal may attempt to steal.
Personal mobile devices may not be subject to the same security policies as corporate devices, and IT teams may not even know they exist. These devices can create serious security risks that businesses will need to anticipate and manage. At the same time, preventing employees from bringing these devices to work may not be practical or could be seen as unusual.
How businesses can manage cybersecurity with personal devices
A combination of BYOD policy, training, and mobile device security tools will help businesses manage the security risks of personal devices while allowing employees to bring their devices to work.
Effective BYOD policies help IT teams identify and secure personal devices. They also teach employees how to safely use their personal devices at work and provide specific guidance that they can use to protect both their devices and the company’s network.
For example, a BYOD policy may require that employees not use their devices to store company information. This helps ensure that if a device is compromised, corporate information will remain confidential.
Businesses can use tools like mobile device management software to ensure that employees use their personal devices in a way that protects their data, the company’s data, and the company network.
These management tools create barriers on employee devices that separate corporate information from personal information, helping to ensure that employees do not accidentally compromise corporate information on their devices.
If necessary, a business could also require that employees use only business-provided devices in the workplace and leave their personal devices at home or off while they work. However, this solution can be challenging to implement unless the company is willing to invest in new devices for workers and able to navigate ongoing tech shortages.
The company must also be willing to accept a transitional period during which employees adapt to new workflows that don’t involve their personal devices. These employees may also need to transfer work files off of their personal devices if they were using these devices for storage.
Protecting employees’ personal devices in the workplace
Having personal devices in the workplace is already the norm for many businesses, but these devices can come with cyber security risks.
If compromised, a personal device may give a hacker access to important business information or to the business network. Because these devices are often unprotected and unmonitored by business IT teams, they may be more vulnerable to attack.
Businesses should take action to ensure employees’ personal devices don’t create additional cyber security risks. Otherwise, they may be exposing both the business and its employees to cyber crime.
For more from Devin Partida, Editor-in-Chief of ReHack.com, see CyberTalk.org’s past coverage.