While it has long been common practice in larger enterprises, bring your own device (BYOD) culture is rapidly gaining traction in small businesses. It’s all thanks to COVID-19 work-from-home directives and the explosion of mobile apps used in business.
BYOD is effective at raising employee productivity and satisfaction. After all, it allows them to use the devices, software, and apps they are most comfortable with to do their jobs. Integration and mobile technologies have also improved. Now, employees can access the business data and applications they need on their favorite devices.
But the security risks are very real. Small businesses that choose BYOD will need to deploy technology solutions, monitor employee data and application usage, and manage independent devices. They also need to otherwise decrease security risks to the company’s infrastructure and data. Most risks involve unauthorized access to sensitive information, data theft, and data loss. Phishing and malware are also concerns. The right tools and a strong small business BYOD policy in place can help minimize these risks.
In this article, we’ll cover the benefits of BYOD for small businesses. We’ll also explore five best practices to follow to do BYOD security right.
What is BYOD, and what are the advantages of allowing it?
BYOD is sometimes referred to as a business policy. Sometimes it’s an organizational cultural issue. But at its core, employees use their own mobile devices to access business systems and data.
Traditionally, businesses only allow access to corporate applications and systems via company-owned and controlled hardware. With BYOD, they open up the network to employees’ privately owned devices.
Although the tide was already turning in favor of personal devices, COVID-19 forced a massive change on businesses of all sizes. The pandemic’s shift to remote work caused many more organizations to move to BYOD. Today, 82% of businesses surveyed depend on employees accessing business apps from their own devices.
Enabling BYOD helps businesses improve employee productivity and satisfaction, while also reducing costs. Employees are generally happier and more efficient using their own devices. Their laptops, smartphones, and computers are already set up to fit their personal preferences. Employers can save money without constantly buying, repairing and upgrading devices.
According to another study, when employees use their own devices they begin to work on tasks sooner and finish them faster. Smartphones are the most-used BYOD devices. But employees also use wearable devices like smartwatches. In customer-facing industries such as retail and hospitality, wearables can help employees make decisions and take actions in real-time. They can positively enhance the customer experience.
The serious security risks involved
Small businesses reported a number of BYOD security risks in a recent survey. The most critical one (62%) was anxiety about data leakage or loss. Next, they feared employee downloads would be unsafe or contaminated by malware (54%). They also worried about lost or stolen devices (53%). And more than half (51%) worried about unauthorized access to company data and systems.
Yet the same survey found that businesses deploying BYOD are surprisingly relaxed about standard security measures. Only 22% have visibility into all the devices attached to their network. 41% of businesses still rely on endpoint malware protection. 30% don’t protect against malware for BYOD at all—they leave it up to the device owners. Most surprisingly, only 11% of businesses surveyed are using a cloud-based malware protection solution.
5 steps for reducing BYOD security risks
If you decide that BYOD is right for your small business, take these five steps to reduce security risks.
- Deploy mobile device management (MDM). MDM software helps small businesses ensure that personal devices are following security policies. With password protection, software control, version management, remote wiping, and other security controls MDM can help protect you from BYOD security risks. MDM also allows you to centrally distribute all the apps in your small business to users. You no longer have to install them on each device. Probably the most critical MDM security feature is the option to separate personal data from company data on each device. If an employee loses a device or if it is stolen, you can wipe all business data remotely.
- Create hosted virtual desktops. This technology allows users to click into a “space” on their device. From there, employees can run business operating systems and applications and access data. A virtual desktop doesn’t impact the personal settings or data on the device and is completely isolated from the real (physical) desktop. With a virtual desktop, your employees can follow all the BYOD security rules and policies to keep your business secure.
- Be very specific about which devices your employees can use. Your BYOD policy should be very clear about which personal devices employees can connect to your network. It should also explain how to and when they can access sensitive applications and data. Some important considerations: Will you support both Android and iOS devices? Any particular models? You must set clear boundaries, otherwise, your employees could have incompatibility problems.
- Forge strong BYOD security rules. Tell your employees they must follow certain BYOD security processes and procedures. For example, you may require the right to monitor any communications sent through their devices over the business network. Your security rules may also include mandatory password protection and registration with a “find my device” service. Finally, employees must be rigorous about regularly updating and patching operating systems and other software on their devices.
- Create an employee offboarding process plan. You do this so you’ll know what to do when someone with a BYOD device leaves the company. Make sure you have a policy that enables you to remove your data from their devices before they leave.
BYOD is here. Prepare for it.
Allowing employees to use their personal devices for work offers a lot of advantages. But BYOD also comes with security challenges, like unauthorized access to sensitive information and data loss. Putting a strong small business BYOD policy in place can help reduce these BYOD security risks, and let you reap the benefits of BYOD without the drawbacks.