When deciding on what technology to use for business activities, it can be tempting to opt for a cheaper route. It’s also easy to let device policies fall to the back burner when you have other things to worry about. Yet, you likely are concerned about cybersecurity like many other business leaders.
This is why allowing employees to use personal devices to perform work-related activities is not in your best interest. Here are some risks to consider that are related to employees using personal devices to connect to your server and business assets.
Some businesses allow employees to use personal computers, tablets, phones, and other smart devices to perform work duties. This is commonly referred to as a Bring Your Own Device policy, or BYOD. This is a cheaper option than purchasing laptops and other hardware for employees.
It’s also much simpler for bringing on new remote hires, as you won’t need to ship equipment to them. Other companies provide a stipend for purchasing technology for work. In the current work-from-anywhere workforce, this may seem extra tempting as most people have personal devices already.
According to a study by Mordor Intelligence, 85% of companies allow employees to use their own devices for business functions. The study suggests that COVID-19 brought this about, as companies had to pivot to remote work. The study also found that employees reported more productivity with their own devices, saving an average of 81 minutes per week.
According to research from Jump Cloud, 67% of companies suffered a data breach due to allowing employees to use their own devices. The devices of highest concern were smartphones, tablets and laptops. A study by Ontech suggests why using smartphones for work may be of high concern, as it found that 35% of people keep work passwords on their personal phones.
Despite the statistics of BYOD policies, countless businesses still allow it due to the reduced costs associated. According to Insight, the average cost savings for companies allowing BYOD was $350 per employee per year.
The question of whether BYOD is good for business depends on how you define “good”. Yes, it’s cheaper to allow employees to use the devices that are already at their disposal. However, like any cut cost, there are potential ramifications. In terms of cybersecurity, it is undoubtedly much worse for business to risk a costly data breach, with resulting costs averaging $970,000 according to Quocirca Print Security Landscape 2023.
When employees use their own devices, they might not have the same protections as you could implement on a business-provided device. It’s dangerous enough that employees might click on bad links or attachments from phishing emails, but there are phishing awareness training courses to mitigate this. There is no way to truly protect or regulate the security of employee-owned devices, so BYOD policies are inherently risky to your business.
Another BYOD security risk is due to employees connecting to unknown outside devices such as printers with their devices. Experts have discovered that some reprogrammable printer ink cartridges can hold malware. This can lead to an infection of a printer and any network it’s connected to. Thus, it is easy to imagine a home computer spreading a virus to a business network.
According to IDC, 70% of data breaches originate from endpoints. If employees are using all of their own devices including their own printers connected to the network, this creates a big risk for your entire organization. Multiply that risk by how many employees are using untrustworthy devices, and your business is all the more at-risk for attack.
To learn more about printer security, check out our blog about it here: How Important is Printer Security?
You can lose a lot more than a chunk of money because of a data breach. The costs are nothing to balk at, though. According to Quocirca Print Security Landscape 2023, data breaches cost an average of $970,000. That could include legal costs, government fines, fees from data breach investigations, and much more.
Recently, the New York State Attorney General issued a $350,000 fine to a home healthcare company that suffered a data breach. An investigation found that the business lacked basic protections and training, which left 750,000 people’s personal information exposed.
Other associated losses can come from the reputational damage that a breach could leave you with. Potential customers don’t want to entrust their sensitive information to a business that seemingly won’t protect it. Even after you’ve picked up the pieces and learned from the attack, the public won’t soon forget about it. This could affect your sales, retention, and overall profits for years to come after a breach.
Mandating employees to use business-provided devices is a great way to control exactly what personnel and software can interact with your network. Work devices can adhere to strict guidelines on the tools to use, such as software that will block users from downloading untrusted software.
With zero trust products, you can manage and customize who in your organization is allowed to access sensitive data. This unique data management solution can help reduce the risk of mishandled data, as some breaches are due to human error rather than malicious attacks. Learn more about zero trust in our blog about it: Zero Trust Is a Must to Combat Shadow IT, Zero-Day Attacks And More.
Many cyber security managed services offer solutions that follow zero trust architecture. Through dark web scanning tools and other network assessment tools, you can prepare for attackers so they move on to their next targets. If you’re ready to take control of your business’s cybersecurity strategy, click the link below to get started with a free dark web scan.