Bring Your Own Device (BYOD) is an increasingly common company policy that permits and encourages employees to use their own devices for work purposes. The policy has clear cost benefits for organisations, as it can considerably reduce the amount spent each year on IT equipment. It can also benefit employees, who can centralise their personal and corporate information on fewer devices. Research by Market and Market shows that BYOD adoption among companies in the US stood at 36% at the start of 2017 and is projected to reach almost 50% by 2018.
However, without the right control mechanisms, the initiative can severely threaten IT security and put sensitive information at risk. In a corporate-device-only environment, security can be easier to manage because devices are commonly the same brand and leave the workplace less often. By contrast, devices used under a BYOD policy can be more exposed to malicious activity and to being stolen or lost, jeopardising data protection and systems integrity.
Mitigate the cyber security threat
A number of measures can be put in place to mitigate the cyber security threat for companies choosing to adopt BYOD policies. Firstly, companies should implement a comprehensive information security management system to reduce risks, with measures such as increasing access control from endpoints, ensuring employees update their operating system and antivirus in accordance with company IT policy, and compartmentalising information.
Secondly, having a cyber risk management plan in place can help companies reduce the likelihood of a cyber incident and respond more effectively if one occurs. An effective cyber risk management plan can educate employees about threat sources and associated vulnerabilities, and set out how the company will respond in the case of an incident.
Thirdly, companies should consider obtaining insurance against losses due to cyber incidents. Data breaches can take many forms and have varied legal and operational repercussions. However, the financial implications can be devastating for small or medium-sized organisations.
Finally, providing training to employees is an essential component of a comprehensive information security management system. Employees need to be aware of threats and of their responsibility for keeping data and systems secure.
NYA can assist you in developing an effective information security management system and cyber risk management plan. Contact us for further information or to discuss how we can help.