Man at computer searching cyber events

Remote Workers Require Better BYOD Security

Half of the UK workforce could be working remotely in 2020 and many organizations now actively encourage this trend with Bring Your Own Device (BYOD) policies that allow employees to use their own smartphone, laptop or tablet to do their work.

But the downside of remote working lies in new security challenges, so businesses need to find the right balance between keeping employees productive and happy while protecting their employees and the corporate network from the new security threats created by remote working.

The Rise of BYOD

Thanks to near-ubiquitous high-speed wireless internet access and modern cloud-based productivity apps, organisations are finding that many tasks that once required an employee to sit in front of an office computer can just as easily be done from home or on the move.

The formalization of BYOD policies is part of a general trend of encouraging “anytime, anyplace” collaboration throughout the organisation and breaking down communication barriers.  BYOD enables workers to achieve a seamless flow of information and access to applications across all of their devices, irrespective of whether these devices belong to the employer or employee.

Like many large organizations, Transport for London has introduced a BYOD scheme and in 2017 around 8 percent of its staff had registered to use their devices for work purposes compared to just 3 percent a year earlier.

Reasons for adopting BYOD

If implemented correctly, BYOD brings significant benefits to both employee and employer.

The business benefits include greaterproductivity and lower staff turnover due to their ability to remote work. BYOD can also yield cost savings on both the capital cost of equipment – because employees buy the devices themselves – and the associated operating costs such as mobile phone data plans, software subscriptions and helpdesk support.

According to a survey conducted by Osterman Research, the top reasons given by businesses for encouraging BYOD were:

  • 69% – to increase worker productivity and make employees more productive on mobile devices
  • 61% – to keep employees happy by permitting them to bring their own mobile devices to work
  • 48% – to get ahead of competition and sustain competitive advantage
  • 46% – to re-examine how they engage with customers, partners and suppliers; and
  • 37% – to reduce spend on telecommunication bills.

For their part, employees feel happier and more satisfied with their job as they have the freedom to work when and where they choose, using their own device rather than a computer or mobile phone that the company has provided.

Working remotely once might have seemed an option only offered by for the most forward-thinking of organisations, but in a tight job market, it has become a make-or-break condition of employment for many. A recent study by Flexjobs revealed that the number of people who would leave a job due to lack of flexibility has almost doubled from 17% in 2014 to 32% in 2017.

Threats created by BYOD

Remote working is undoubtedly on the rise, but so too is the range of potential threats that companies face when they let their employees make use of their own IT equipment. This is particularly a problem for smaller companies, as they typically lack the knowledge and specialist IT staff to implement effective BYOD security policies.

In a study by payments firm Paymentsense of more than 500 small and medium-sized enterprises in the UK, 61% admitted that they had experienced a cyber-security incident since introducing a BYOD policy.

The major problem with BYOD is that the employer has significantly less control over the device than it would have over a traditional employer-owned and administered device.

There is a blurring of business and personal use, and this is particularly a problem for smartphones, as users may install apps that hackers know how to exploit or malware-infected apps that masquerade as legitimate mobile applications – bogus mobile games being a prime example of this.

Furthermore, even if the user later deletes the app, the malware may remain on the mobile device, sitting dormant and ready to attempt to penetrate the user’s corporate network the next time they connect to the VPN.

Another prominent threat is phishing.  It is relatively easy for businesses to protect their own network from potential phishing attacks on their own machines, but much more complicated to do that for BYOD devices.

Many people use only simple security measures such as passwords on their personal devices, thinking that they will never the lost or stolen.  But a determined cybercriminal may be able to crack basic security measures and use the device to penetrate the corporate network.

Round-up

Apart from the most security-critical of organizations, the advantages of adopting BYOD will almost certainly outweigh the perceived risks.  For this reason adoption and employee usage will continue to expand.

However, organizations must be aware the traditional processes and procedures applied to enterprise-owned devices have to be adapted or supplemented to help minimise its risk in allowing use of personal devices.

We will look at some of the ways organizations can protect their BYOD devices in a future post.

Share this post

About the Author

Dan Proctor Lead Engineer headshot

Dan Proctor

Senior Security Automations Engineer

  • ISO 42001

Dan Proctor

With expertise in AI and automation platforms such as n8n, PowerAutomate, and advanced LLMs, Dan plays a key role in embedding intelligent tooling across both CyPro’s clients and our internal operations. He designs and maintains secure, resilient IT and automation infrastructure, integrating workflows across platforms like Microsoft Teams, Jira, and SharePoint to drive efficiency, reliability and compliance.

Passionate about applying AI ethically and responsibly, Dan develops reusable automation components, fine-tunes models for business and client use cases, and implements robust governance to minimise bias and ensures data security. His experience spans from building multi-step agentic workflows and monitoring automation performance to optimising cost efficiency and reducing manual effort across critical operations.

Dan plays a pivotal role in making our internal processes more efficient, such as by automating research, improving detection rates in our Security Operations Centre and enabling consultants through AI-powered processes. By combining technical innovation with a practical, security-first approach, he helps deliver measurable value to both our clients and CyPro’s own internal operations.

View Profile
Author
Dan Proctor Lead Engineer headshot

Dan Proctor

Senior Security Automations Engineer

Category
Published
Mar 18 - 2019
Cypro firewall showing robust network security
Secure your business.
Elevate your security, accelerate your growth. We take care of cyber security for high-growth companies, at every stage of their journey.
Get in touch
Related Posts
View All Posts
  • Engineers reviewing vulnerability scan results in CI/CD pipeline
    What Is a Vulnerability Scan? A UK Guide to Types, Costs and What to Do With the Results (2026)

    A vulnerability scan is an automated check of systems, networks or applications that finds known software flaws, missing patches and…

  • Engineer testing an HSM appliance for ransomware resilience in lab
    Over 300 UK Organisations Reported Ransomware Attacks. What Should Businesses Do Next?

    Ransomware resilience is the ability to keep operating, limit harm and recover quickly after a ransomware event. Data from Report…

  • IT identity admin inspecting MFA prompts — managed detection context
    Managed Detection: The Important Benefits of MDR in 2026

    Managed detection is a service that detects, analyses and responds to cyber threats across an organisation’s IT and cloud environments,…

CyPro Cookie Consent

Hmmm cookies...

Our delicious cookies make your experience smooth and secure.

Privacy PolicyOkay, got it!

We use cookies to enhance your experience, analyse site traffic, and for marketing purposes. For more information on how we handle your personal data, please see our Privacy Policy.

Schedule a Call