Businesses have had to adapt significantly in the past few years, with the COVID-19 pandemic not only playing havoc with supply chains but also modifying the way that employees do their jobs. Perhaps the most obvious and universal change that we have seen is the move to working from home and other types of flexible working.
Indeed, this change has had a knock-on effect where it is now far more common for individuals to use their own devices to carry out company work. It is even the case that staff will typically bring their personal devices into the office to carry out work rather than operating on a company machine. This is known as bring your own device (BYOD).
In this article, we will take a closer look at BYOD and how it presents both solutions and challenges for businesses of all sizes.
One of the key advantages of BYOD is that it allows a worker to have a machine that they can take anywhere. This means they can bring it into the office or they can travel anywhere they need to go and have access to all of the necessary programs, files, data, and systems. This is clearly hugely beneficial.
If an employee uses multiple devices for their work, this can be effectively an essential. For example, if they have a mobile device for work purposes, this will go everywhere with them, making it less of an overall challenge.
A key challenge relating to BYOD is something that many employees might not even be aware of. If you have never heard of "shadow IT," it is a scary-sounding term that actually describes a fairly mundane process. Shadow IT is any kind of software or app that an employee uses to carry out work that hasn't been officially approved by the company's IT or security team.
The problem is that apps and software that are not approved can contain security vulnerabilities—known and unknown—that can be exploited by cybercriminals. Shadow IT is always more likely on a personal device.
It is also true that BYOD can be essential for hotdesking. Many businesses prefer the flexibility of hotdesking in the wake COVID-19, but doing so can be complicated if each worker has specific software or access needs. Indeed, it may not be practical or possible to have access to all of the various types of software used by the company on every machine.
BYOD allows for much easier hotdesking, as individuals can simply bring in the devices that have what they need on them.
Cybercriminals have come to understand that personal devices are less likely to be secure than those that are fully connected to the office network. This has led to a significant rise in cybercrime that specifically targets devices brought into the office to be used on company networks.
The issue of BYOD in the workplace can be complicated further if your business works with freelancers or contractors. Many businesses that employ freelancers or contractors expect them to come into the office, but do not always provide them with their own machines, making BYOD essential.
"Contactors are often brought into organizations with the expectation that they will bring their own device and work from it," says Harjinder Randhawa, director at contractor recruitment company ClearHub. "The fact that contractors often have to work on ad-hoc or specific projects means that being able to work from the same computer is essential."
If you are bringing in any kind of external employee to work at the office, they must understand the essentials of cybersecurity. With people being your biggest risk for cyber breaches, increasing awareness and ongoing security training are two key strategies today's modern workplaces should implement and prioritize. They must also commit to all of the same working policies around BYOD as permanent members of staff.
One growing problem with BYOD is that it ultimately leads to BYON—bring your own network. In this scenario, employees who bring their own devices to work create a mobile hotspot by tethering their smartphone's connection to another device, or even by bringing their own small router with them into the office.
This can make things easier for the employee, or make it possible for them to do things that they can't do on the standard network. The problem is that if a user is simultaneously using the company network and a network of their own, it means all of the data that passes through the secondary network cannot be monitored or made secure by the business.
Once again, we find ourselves in a situation where the employee can find a practice useful, but actually doing so has consequences for business security.
Ultimately, it is clear that BYOD can be a big benefit to a company. Banning the practice in your business can weaken the ability of your staff to work at their full potential. However, if you are going to allow BYOD you need to ensure that you have strong policies and procedures in place, as well as well-rounded cybersecurity.