Bring Your Own Device — Best Practices from a Cyber Security Perspective


The number of workers who bring their own device to work—and connect to their employer’s network—has proliferated in recent years.

In her Forbes article, Lilach Bullock draws on statistics from Beta News to note that “the BYOD market is on course to hit almost $367 billion by 2022, up from just $30 billion in 2014.”

Companies that don’t step up with Bring-Your-Own-Device (BYOD) policies risk losing productivity and perhaps some of their best employees.

A survey by Syntonic found that 70% of small and medium-sized businesses had a formal BYOD plan in place, and 89% of companies rely on their employees using their own devices.

But employers have reason to be cautious. When workers connect their devices to their employer’s network, security breaches are more likely, and everyone involved needs to be educated to mitigate the risks. Each external device that interacts with a business’s network raises the possibility of a security breach.

Security professionals can increase their knowledge of data security, including BYOD issues, by pursuing an online master of science in cyber security at the University of North Dakota.

The Explosion of Mobile Devices

Mobile devices are everywhere.

In the U.S., “the vast majority of Americans – 96% – now own a cellphone of some kind. The share of Americans that own smartphones is now 81%, up from just 35%,” according to the Pew Research Center. “Along with mobile phones, Americans own a range of other information devices. Nearly three-quarters of U.S. adults now own desktop or laptop computers, while roughly half now own tablet computers.”

The number of mobile phone users around the globe is expected to surpass 5 billion this year, according to Chief Information Officer. In Southeast Asia, mobile phone users make up 90% of all internet users. The proliferation of mobile phones increases the number of people who use their own device for business. BYOD policies are not only useful for remote workers but are also popular with workers who commute to a company office and might complete some work at home.

The Risk that BYOD Introduces

Many things can go wrong when people use their own devices to access a company network. Malware, viruses, and data breaches are expensive and often devastating problems. Employees’ devices may have vulnerable connections that can be exploited by malware or hackers.

Human error is the most frequent cause of a data breach. A clear BYOD policy goes a long way toward preventing an employee from accidentally stepping into a gray area, according to Chief Information Officer.

Strategies for Ensuring Cyber Security

Both companies and employees should be well protected. Here are some tips for designing an effective BYOD policy recommended by CIO:

  • Make sure that each employee has access only to the things that they need to do their job effectively.
  • Employees should add two-factor authentication to personal devices.
  • Increase security on personal devices.
  • Employers should conduct mobile risk assessments to identify vulnerabilities.
  • Employees should use complex passwords and change them frequently.

Employer Dilemmas with BYOD Plans

Employers need to set priorities when creating BYOD policies. Employers can save money, at the outset, when their employees buy and maintain their own laptops and phones. But what happens when problems come up, the Forbes article asks. What should workers do if a device breaks and they can’t replace it immediately? Should employers pick up the replacement cost? What if a device is stolen and it contains links to a company credit card? Will the employer be vulnerable?

Employers have ways to manage these problems. Each company needs to decide how and when it will provide an emergency replacement for a device. When a phone is stolen, mobile device management software can restrict in-app purchases.

Separating Personal from Business Information

Another way to increase safety is to train employees so that they separate the personal use of their laptop from business use. Employers can also require that only secure and reputable apps are downloaded to devices that are for both business and personal purposes.

If a device is lost, a company can stipulate that it retains the right to delete business data remotely, according to TechGenix.

The Employees’ Perspective

Employees enjoy the familiarity of their own device and the ability to work efficiently on it. But when it comes to privacy, they have their own concerns, as reported in HR Today:

“From the employee perspective, the biggest concern is that BYOD practices could lead to a loss of employee privacy. Workers may worry that their company will have inappropriate access to their financial and health data, as well as to their personal photographs, videos, contacts and other information—and that they could lose all that information if the company attempts to remove or “wipe” business information from the worker’s device, which typically happens after a person’s employment has concluded.”

Policies need to protect both the employer and the employee from inappropriate incursions into data.

Many employees might worry about the access their employer would have to their personal information through their device. As TechGenix points out, “Devices often mirror the location, lifestyles, and personal preferences of their owners. Personal email, Facebook, Instagram, Snapchat, Amazon shopping — it’s all going to happen on that device.” When a device is part of a BYOD program, the employer can see some of this information, such as location tracking.

Many employers offer a privacy sensitization workshop so that employees are aware that they lose some privacy by using their device in a work capacity.

Strong Security Practices

Employers have a lot to think about when they design a BYOD policy. TechGenix has these tips:

  • Consider the device platforms and operating systems to support.
  • Devise a methodology to continuously and regularly patch BYOD program devices.
  • Install a reliable antivirus program on all devices.
  • Prepare a checklist of security upgrades that an employee-owned device has to go through to be enrolled in the BYOD program.
  • Implement rules for password complexity and auto device-lock after a minimum viable inactivity period.
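
The checklist above can be enforced as an automated enrollment gate. The following is an added example, not code from the article or the sources it cites; the record fields, thresholds and sample devices are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Hypothetical thresholds; the article names the controls, not the values.
MIN_OS = {"android": (13, 0), "ios": (16, 0), "windows": (10, 0)}
MAX_PATCH_AGE_DAYS = 45
MIN_PASSCODE_LENGTH = 8
MAX_AUTOLOCK_SECONDS = 300

@dataclass
class Device:
    owner: str
    platform: str
    os_version: str         # e.g. "14.1"
    last_patched: date
    antivirus_running: bool
    passcode_length: int    # 0 means no passcode set
    passcode_alnum: bool    # passcode mixes letters and digits
    autolock_seconds: int   # 0 means auto-lock disabled

def parse_version(text):
    """Turn "14.1" into (14, 1) so "9.0" sorts below "13.0" (a string compare would not)."""
    return tuple(int(part) for part in text.split("."))

def enrollment_failures(dev, today):
    """Return the checklist items a device fails; an empty list means it may enroll."""
    minimum = MIN_OS.get(dev.platform.lower())
    if minimum is None:
        return ["unsupported platform"]  # no baseline exists to check against
    failures = []
    if parse_version(dev.os_version) < minimum:
        failures.append("os below supported version")
    if (today - dev.last_patched).days > MAX_PATCH_AGE_DAYS:
        failures.append("patches out of date")
    if not dev.antivirus_running:
        failures.append("antivirus not running")
    if dev.passcode_length < MIN_PASSCODE_LENGTH or not dev.passcode_alnum:
        failures.append("passcode too weak")
    if not 0 < dev.autolock_seconds <= MAX_AUTOLOCK_SECONDS:
        failures.append("auto-lock disabled or too long")
    return failures

# Constructed sample inventory records, not real devices.
TODAY = date(2024, 6, 1)
SAMPLES = [
    Device("alice", "iOS", "17.4", date(2024, 5, 20), True, 10, True, 120),
    Device("bob", "Android", "9.0", date(2023, 11, 2), False, 4, False, 0),
    Device("carol", "ChromeOS", "120.0", date(2024, 5, 30), True, 12, True, 60),
]
print({d.owner: enrollment_failures(d, TODAY) or "eligible" for d in SAMPLES})
```

Returning the full list of failed items, rather than stopping at the first, gives the employee one remediation list to work through before re-enrolling.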

Larry Alton, in Forbes, advises millennials to seek employers with a BYOD policy in place or to advocate for such a policy where they work. The policy requires a formal strategy, requirements for anti-virus and anti-spyware software, consistent application to all employees, a secure network, and high awareness among employees about cybersecurity concerns.

In addition, the policy should include “three critical components: a software application for managing the devices connecting to the network, a written policy outlining the responsibilities of both the employer and the users, and an agreement users must sign, acknowledging that they have read and understand the policy,” according to Megan Berry, writing for IT Manager Daily.

University of North Dakota’s Master of Science in Cyber Security Program

Choosing the right online cyber security master’s program is crucial. The best programs offer courses that stay current with today’s cyber security issues and concerns – including BYOD policies – and offer concentrations that can help graduates be attractive to potential employers.

UND’s online cyber security master’s degree program is accredited by the Higher Learning Commission and ranked by U.S. News & World Report as one of the Top 25 Most Innovative Schools (2018), alongside such prestigious institutions as Stanford, Harvard, and MIT.

UND prepares students for careers in cyber security with concentrations in Autonomous Systems Cyber Security, Cyber Security and Behavior, Data Security, and General Cyber Security. For more information on UND’s MSCS online program, visit the program’s website.

Sources

Best Practices for Implement a Successful BYOD Program, CIO

The Future of BYOD: Statistics, Predictions, and Best Practices to Prep for the Future, Forbes

Internet & Technology: Mobile Fact Sheet, Pew Research Center

BYOD Policies, HR Today

BYOD Usage in the Enterprise, Syntonic

BYOD Best Practices, TechGenix

How Important Is a BYOD Policy: Five Strategies for Millennials, Forbes

BYOD Policy Template, IT Manager Daily