The promise of BYOD lies in its flexibility and potential for cost savings, yet this inherent flexibility ushers in a number of risks and issues, with the potential for data breaches and cybersecurity risk presenting a significant concern.
Company-issued mobile devices
In contrast, a work environment of corporate-owned and managed devices means there are high security standards and best practices in enterprise mobility. This includes having MDM software in place combined with robust security policies and the ability to remotely wipe data from lost or stolen devices.
But with BYOD, this doesn’t always apply. As the company does not own or control the device hardware, BYOD can mean unmanaged devices. And unmanaged devices can put business data at serious risk. In many situations, IT departments can lose control over the hardware and are unable to mandate apps employees should install (and the ones they can’t), how they secure their devices, or what files they are allowed to download.
BYOD security issues
When blurring line between personal and professional use, an employee downloading gaming apps or images on their personal device that unbeknown to them harbour a malware infection could wreak havoc once the device reconnects to the corporate network. Unmanaged BYOD devices can raise the potential for phishing attacks, mobile ransomware, and man-in-the-middle attacks.
BYOD also brings the complexity of varied tech stacks with employees using an array of different devices and operating systems, making it difficult to enforce uniform security measures or offer support. The effectiveness of security measures also depends heavily on how well employees maintain their own device security. Sometimes, these devices have unpatched vulnerabilities that are ripe for exploitation by hackers.
Besides security issues, there are other challenges IT teams face, including resourcing the specialised skills and additional staffing required to manage a BYOD program in-house. Effective mobile management is more complicated in a BYOD environment but it’s critical to set up some mantle of control in the event an employee loses their mobile device or when they leave the company. While employee privacy considerations are a major factor, devising a BYOD policy that gives you the discretion to wipe corporate information from their personal devices as and when necessary is essential. Whether it’s through MDM or MAM software, you’ll need to manage enrolling your employees’ devices into that program.
And while the responsibility for maintaining and updating devices largely falls to the employees, you need to allow for managing the MDM or MAM aspects of your BYOD program and providing user support. This can place a significant burden on your team’s time.
Mobile phone usage reimbursements
Another consideration is compensation. Many employees who use their personal phones for work expect some degree of payment. But reimbursing employees in this way can end up substantially more than you would have spent for the same usage on a plan negotiated for the company.
Transition to company-issued mobile devices
Given the potential for exposure to cybersecurity risk and escalating support needs, many companies are now choosing managed mobility and company-issued devices as their preferred option for enterprise mobility.
If you are currently supporting mobility with BYOD and are looking to address the risk that comes with it, please get in touch with imei.
