Business News Daily provides resources, advice and product reviews to drive business growth. Our mission is to equip business owners with the knowledge and confidence to make informed decisions. As part of that, we recommend products and services for their success.
We collaborate with business-to-business vendors, connecting them with potential buyers. In some cases, we earn commissions when sales are made through our referrals. These financial relationships support our content but do not dictate our recommendations. Our editorial team independently evaluates products based on thousands of hours of research. We are committed to providing trustworthy advice for businesses. Learn more about our full process and see who our partners are here.
With many companies adopting a hybrid work model, employees are more inclined to use their own devices. What are the “bring your own device” (BYOD) implications for businesses and their workers?
It’s become increasingly common for companies and organizations to adopt a “bring your own device” (BYOD) policy. What does this mean, and what are the advantages and drawbacks that decision-makers should be aware of? This guide offers insight into BYOD policies; it also explains how you can create a safe and efficient workplace when employees are using personal devices instead of company-provided ones.
BYOD has become commonplace across various industries as more companies embrace a hybrid work model — i.e., when employees come into the office on some days and work from home on others. Rather than using a company-issued computer in the office and a personal device at home, BYOD to work is a feasible solution.
It’s easier for companies to allow employees to use their own devices at home, in the office or from any other location instead of providing them with such equipment. Personal laptops, smartphones, tablets and USB devices are now used for company purposes; those devices can access company networks for employees to complete their work.
While the basics of BYOD to work sound easy to implement, BYOD has certain levels. Each pertains to the amount of security measures in place and the company information employees can access on their personal devices. In general, the more secure the organization or role an individual has, the less work that employee will be able to do on their own personal device.
Cybersecurity experts don’t always agree on the exact specifics of the various BYOD levels, but there are typically three. These levels, depending on the company, either become more or less secure as they ascend or descend. Here’s one perspective where the lower the level, the fewer work-related tasks you can complete on your own device.
Allowing employees to use their own devices for work purposes offers some major advantages for businesses.
One of the first results you may notice after implementing a BYOD policy is a boost in productivity. Employees being able to access the company network from their smartphone or personal laptop removes the limitations of a 9-to-5 workday — letting them work at any time. Whether it’s checking email while on vacation or updating a presentation on the train ride home, team members are able to get work done outside the confines of the office. Thus, they may make more progress. [Read related article: Cybersecurity While Traveling — Tips & Tricks]
Cost is another reason why many businesses have embraced BYOD. While companies previously had to pay for the hardware, software and service contracts for business-owned devices, BYOD policies shift those costs to the worker. The staffer is the one buying the phone or tablet, as well as the service contract that goes with it; this frees businesses from having to cover those expenses.
BYOD policies can also help you attract new employees. Since many people prefer to use their own devices, businesses that give workers the ability to do so may have an advantage with job applicants.
While there are many reasons to favor BYOD, there also are reasons why you might want to think twice. The most pressing concerns involve the security and protection of valuable data.
The first drawback has to do with the sheer number of users and devices that are given access to a company network when allowing BYOD. If a network is open to all employees and their personal devices, the risk of a breach substantially increases.
By opening up their networks, employers are gambling that all employee-owned devices are free of viruses and other malware. Businesses with BYOD policies must have extra security measures in place to ensure their networks are free from cybercriminals who may target personal devices.
The second concern is that giving employees access to important company information via their own devices increases the possibility that sensitive data could end up in the wrong hands. Once data leaves the protected confines of the company network, it could conceivably be seen or stolen by anyone. Also, should a device become lost or stolen, all of the data it holds may be compromised.
These security worries put a tremendous amount of pressure on IT departments to support the wide variety of devices employees are using; IT must ensure each one meets the organization’s security standards.
When personal devices are allowed to access company networks, it makes security more challenging for IT departments. This is particularly true when the employees may be working remotely. Businesses with distributed workforces that use their own device need to keep the following in mind.
Personal devices tend to have less comprehensive security protections than company-issued devices. Therefore, it’s crucial for companies to educate employees on cybersecurity best practices; these include identifying phishing scams, avoiding spam links and not opening emails from unknown sources.
Device infection, data leakage or loss, and mixing personal and work data are all issues that can arise in companies that have adopted BYOD policies. IT departments must be vigilant in protecting these personal devices. Installing antivirus software, using firewalls and exercising containerization are some ways companies can reduce the risk of cybersecurity incidents.
Gone are the days of companies keeping their assets safe simply by locking the office at the end of the day. BYOD policies, especially when combined with remote work, open up devices to additional risks of theft or misplacement. An employee losing their personal phone that only has access to calendar or email information still presents a risk: potentially helping cybercriminals learn of business meetings or employee email addresses. The risk significantly increases if that phone also has access to company data.
Businesses should consider mandating additional authentication methods for any BYOD mobile devices, including phones and laptops. For example, organizations may want to consider two-factor authentication or fingerprint scanning to ensure only the device owner is using it.
An additional risk with personal devices is employees may interact with phishing emails or visit malicious websites that they would not otherwise view on work-issued devices. This is especially true when employees work remotely, as the lines between work and home are further blurred. If individuals conduct work on personal devices, organizations should take time to educate employees on safe browsing habits.
Companies that allow employees to use their own devices need to have a well-thought-out BYOD policy that governs how they can be used. These policies are designed to protect companies from numerous security concerns.
These are some aspects every effective BYOD policy should include.
After you draft your BYOD policy, require all employees to sign it and alert them any time you make a change to the policy.
BYOD brings a lot of flexibility to the workplace. This can be a huge boon for companies and employees; however, unless instituted correctly, BYOD can also pose a significant security threat to organizations.
Organizations hoping to implement BYOD should follow these best practices for both employee and organizational safety.
There are alternatives to BYOD that may better fit with a company’s security culture or regulatory compliance requirements. Instead of allowing employees to use their personal devices, consider these options.
Organizations provide employees with company-owned devices, such as dedicated cell phones or laptops, to use for work purposes only. COD gives businesses greater control over these devices; it can include monitoring software or prevent team members from installing unvetted applications. However, COD costs more for the company as you must purchase and provide each device.
Organizations allow employees to select from a range of company-owned and -provided devices. This grants employees greater flexibility in device choices, such as choosing between a PC or Mac; however, it still allows the company to apply any desired security controls on the device. Like with COD, CYOD devices are still business devices that are not intended for personal use.
Organizations provide employees with devices that can be used for both personal and professional reasons. Businesses specifically configure the devices to be usable in most circumstances — granting employees flexibility while still keeping company security measures in place.
VDI allows employees to access a virtualized desktop environment (VDE) through their personal computers as long as they have an internet connection. The VDE is hosted in the cloud and can contain all of an employee’s work files and network connections. VDIs can be configured to prevent staffers from moving any files between the VDI and their personal storage; this allows for secure, remote connections to employer resources that can be easily terminated if necessary. [Read related article: What is Workspace Virtualization? And Does Your Business Need It?]
BYOD can offer businesses a range of advantages, from attracting remote talent to saving money. However, companies need to keep in mind that BYOD is not a one-size-fits-all solution. Instead, organizations need to consider exactly what they want from BYOD and how the practice fits into their wider security needs. For businesses requiring higher levels of device security, alternatives to BYOD may ultimately be a better fit.
Shannon Flynn and Chad Brooks contributed to this article.