Many organizations are adopting policies to allow workers to bring personal computers or mobile devices to work. This practice allows organizations to reduce costs and provides employees with the freedom, flexibility, and convenience of using one device for both personal and business use. While there may be some benefits to adopting a bring your own device (BYOD) policy, there are security risks.
Worker-owned devices can now carry sensitive and confidential organizational data. Data access and ownership issues can create risk of data loss. Additionally, use of personal computers for business can bring about security complications. Personal equipment might not always be patched properly, and employees might access websites, applications, or other content that would normally be blocked on most company equipment.
In order to minimize security risks and maximize effectiveness, organizations must have comprehensive security and BYOD policies. Organizations need to invest in security solutions such as registering personal devices, implementing encryption standards for data protection, and using endpoint protection technology to guard personal devices against attacks. User knowledge of security threats related to using personal devices for business purposes can also help mitigate the risk.
Although implementing security controls directly onto a worker's personal equipment might be a challenge for many organizations, it is imperative that employers design properly documented BYOD policies to mitigate risk and data loss. Employees can focus on user training programs, remote system access, and virtual private networks to help create a more secure environment for personal devices.
Horwath, J. (2013, April 29). Managing the implementation of a BYOD policy. https://www.sans.org/reading-room/whitepapers/leadership/managing-implementation-byod-policy-34217