Half of the UK workforce could be working remotely in 2020 and many organizations now actively encourage this trend with Bring Your Own Device (BYOD) policies that allow employees to use their own smartphone, laptop or tablet to do their work.
But the downside of remote working lies in new security challenges, so businesses need to find the right balance between keeping employees productive and happy while protecting their employees and the corporate network from the new security threats created by remote working.
The Rise of BYOD
Thanks to near-ubiquitous high-speed wireless internet access and modern cloud-based productivity apps, organisations are finding that many tasks that once required an employee to sit in front of an office computer can just as easily be done from home or on the move.
The formalization of BYOD policies is part of a general trend of encouraging “anytime, anyplace” collaboration throughout the organisation and breaking down communication barriers. BYOD enables workers to achieve a seamless flow of information and access to applications across all of their devices, irrespective of whether these devices belong to the employer or employee.
Like many large organizations, Transport for London has introduced a BYOD scheme and in 2017 around 8 percent of its staff had registered to use their devices for work purposes compared to just 3 percent a year earlier.
Reasons for adopting BYOD
If implemented correctly, BYOD brings significant benefits to both employee and employer.
The business benefits include greaterproductivity and lower staff turnover due to their ability to remote work. BYOD can also yield cost savings on both the capital cost of equipment – because employees buy the devices themselves – and the associated operating costs such as mobile phone data plans, software subscriptions and helpdesk support.
According to a survey conducted by Osterman Research, the top reasons given by businesses for encouraging BYOD were:
- 69% – to increase worker productivity and make employees more productive on mobile devices
- 61% – to keep employees happy by permitting them to bring their own mobile devices to work
- 48% – to get ahead of competition and sustain competitive advantage
- 46% – to re-examine how they engage with customers, partners and suppliers; and
- 37% – to reduce spend on telecommunication bills.
For their part, employees feel happier and more satisfied with their job as they have the freedom to work when and where they choose, using their own device rather than a computer or mobile phone that the company has provided.
Working remotely once might have seemed an option only offered by for the most forward-thinking of organisations, but in a tight job market, it has become a make-or-break condition of employment for many. A recent studyby Flexjobs revealed that the number of people who would leave a job due to lack of flexibility has almost doubled from 17% in 2014 to 32% in 2017.
Threats created by BYOD
Remote working is undoubtedly on the rise, but so too is the range of potential threats that companies face when they let their employees make use of their own IT equipment. This is particularly a problem for smaller companies, as they typically lack the knowledge and specialist IT staff to implement effective BYOD security policies.
In a study by payments firm Paymentsense of more than 500 small and medium-sized enterprises in the UK, 61% admitted that they had experienced a cyber-security incident since introducing a BYOD policy.
The major problem with BYOD is that the employer has significantly less control over the device than it would have over a traditional employer-owned and administered device.
There is a blurring of business and personal use, and this is particularly a problem for smartphones, as users may install apps that hackers know how to exploit or malware-infected apps that masquerade as legitimate mobile applications – bogus mobile games being a prime example of this.
Furthermore, even if the user later deletes the app, the malware may remain on the mobile device, sitting dormant and ready to attempt to penetrate the user’s corporate network the next time they connect to the VPN.
Another prominent threat is phishing. It is relatively easy for businesses to protect their own network from potential phishing attacks on their own machines, but much more complicated to do that for BYOD devices.
Many people use only simple security measures such as passwords on their personal devices, thinking that they will never the lost or stolen. But a determined cybercriminal may be able to crack basic security measures and use the device to penetrate the corporate network.
Apart from the most security-critical of organizations, the advantages of adopting BYOD will almost certainly outweigh the perceived risks. For this reason adoption and employee usage will continue to expand.
However, organizations must be aware the traditional processes and procedures applied to enterprise-owned devices have to be adapted or supplemented to help minimise its risk in allowing use of personal devices.
We will look at some of the ways organizations can protect their BYOD devices in a future post.