Bring Your Own Device & Video Conferencing: Don’t Jeopardize Your Data
With growing concerns for cybersecurity following a recent uptick in cyber-attacks, it’s more important than ever for business to take inventory of their cyber strategies.
Since the pandemic, it’s estimated that 80% of businesses allow employees to use personal devices to perform work related activities. This creates a cybersecurity risk, as data breaches can result from overlooked weak points.
One of these weak points may be your video conferencing setup, as cybercriminals can you need to ensure that meetings are secure. Especially when employees are working remotely or on-the-go, they might use their personal phones or computers to join video conferences.
Here’s why "bring your own device" (BYOD) poses issues for your organization’s security and manageability, and alternative options.
Benefits of BYOD
Bring-your-own-device policies are popular in today’s workforce. Improved employee satisfaction and productivity and convenience when using their own devices. This is likely due to employees being more familiar with their own devices and being able to customize their experiences more.
BYOD may seem especially enticing if you have remote employees. After all, it offers big cost savings to encourage employees to use personal devices for work rather than provide updated devices to everyone. Some workplaces will also save money by simply allowing a technology stipend for employees to select their own equipment to purchase.
Security Issues with BYOD
The idea of employees accessing work assets may not worry you too much. However, cybersecurity experts are now recommending that all businesses follow cybersecurity best practices to combat cyber attacks. One of these best practices is implementing zero trust infrastructure, which requires every user and program to be approved by your IT team before accessing the network.
There is no way to control the security or verify the safety of software downloaded onto employee-owned devices. This makes BYOD policies incredibly risky to your organization.
Why BYOD is Tricky for Video Conferencing
If your employees use their own devices for meetings, it may be difficult to standardize settings and configuration for each device. For example, one employee's mobile phone may be an Android device and others may have Apple products. This issue can be mitigated since there is web-based access for all of the major video conferencing platforms. However, it would make for a clunky start to meetings for everyone to access the meeting with mixed methods.
Some operating systems are more compatible than others with apps like Microsoft Teams, Zoom, and Webex. This means that you might run into issues with managing the compatibility of different devices with your chosen unified communications platform.
Company Owned, Personally Enabled (COPE)
As opposed to BYOD, company owned, personally enabled (COPE) mobile strategies offer flexibility and enhanced control over your cybersecurity. Your IT team can select devices specifically for their cybersecurity features, and you can have peace of mind that you can install and have full control of the security tools protecting the devices.
For example, if you provide employees with company-owned laptops, employees will still be mobile if they work from home or outside of the office. You will also be able to block any untrustworthy downloads and implement user authentication tools on each device.
This dramatically reduces your risk of cyber attacks, since you can mitigate the risk of malicious threats that could infect your network from an unsecured device.
How COPE Simplifies Technology Management
As one can expect, when you homogenize what devices and operating systems each employee uses, you can control any necessary software updates or security tools for all devices at once. Unlike for BYOD, you can anticipate what the universally compatible devices will need, and control aspects like:
- Automatic software update settings
- Zero-Trust tools
- Trusted programs that will automatically be available organization-wide
- User authentication settings like password requirements and resets
- Multifactor Authentication (MFA)
COPE and Video Conferencing Compatibility
When you standardize what operating systems your staff uses for video conferencing, it’s much easier to ensure no one has integration issues. You can curate your unified communications tools with company issued devices. This will reduce the hassle of some employees being unable to download software or join meetings.
Device compatibility is especially important if you use video meeting tools that require software package downloads to use them. You might not be able to mitigate these issues with outside vendors or clients, but implementing a COPE strategy can ensure your employees are set up for success.
Company Owned, Business Only (COBO)
Another type of mobile device strategy is "company-owned, business only" policies. This is a policy that restricts company-owned devices and assets to be for work purposes. As a stricter version of COPE, these policies are typically used in industries with compliance requirements like healthcare, government and finance.
Hybrid Mobile Device Management (MDM) Policies
If you’re stuck on the decision between BYOD and COPE, you should consider that there are hybrid options as well. You can create a BYOD policy that makes sense for your business’ budgetary constraints and practical needs. In your hybrid BYOD policy, you can address aspects such as:
- Specific applications secure enough to be accessed by personal devices
- Procedures for device wiping in the event of a lost or stolen device
- Policies for data removal if an employee exits your company
There are many options for creating a policy that makes sense for you. Every business is different, and many have needs relating to traveling, remote or international employees, data protection compliance,
Built-In Security of Cloud Applications
Using cloud-based videoconferencing applications is another great way to ensure meetings are secure. Platforms like Microsoft Teams can be downloaded onto mobile devices and offer built-in encryption and other security features for user authentication.
If you do allow employees to use personal mobile devices for video calls, research the most secure videoconferencing software before committing to one. To learn more about your options, read our article: Top Video Conference Platforms for Small Businesses.
Other Strategies to Keep Video Meetings Secure
The National Institute of Standards and Technology (NIST) recommends taking steps like screening participants in waiting rooms to ensure only qualified individuals enter meetings and to avoid reusing passcodes. Below, you will find a guide from NIST on securing your video meetings based on how sensitive the meetings are.
NIST also listed security measures that can enhance your data security strategy, including:
- Multi-Factor Authentication
- PINs to prevent outsiders from entering via a guessed URL or meeting ID
- Reminding participants to protect sensitive data before they share their screens
To learn more about tools NIST and other cybersecurity experts recommend, read our blog: Zero Trust Is a Must to Combat Shadow IT, Zero-Day Attacks And More.
Deciding on Your Mobile Strategy
If you’re ready to upgrade your business’ video conferencing capabilities and invest in secure options, click the button below to speak to a managed communications expert.