Bring your own devices to work and cyber security – what your business needs to know
November 17th, 2017
Allowing your employees to bring their own devices to work can pose a cyber security threat but having a robust policy can minimise risks, says Miriam Wraight from the Home Office…
More and more businesses are adopting bring your own device (BYOD) technology and policies, which is unsurprising given the benefits it offers, including allowing for more flexible work practices, greater productivity, and savings on IT hardware. However, BYOD can also pose risks to a business’s cyber security. All it takes is one unsecured device to compromise a business’s entire network, resulting in data or financial theft. Simple advice from Cyber Aware can be adopted by business and personal device users to help protect against cyber attacks.
When employees bring their own devices to work, it means you have less control over how devices used in the workplace are secured (e.g. passwords used) and how up-to-date software and apps are, which could pose security threats to your business. Businesses need to make sure a sound BYOD policy is in place which includes the key protective advice against cyber threats so that your employees are aware of the risks and their role in combatting these.
You don’t know who else has access to an employee’s device, such as their family members or friends, and there’s potentially a greater risk of an employee’s device being lost or stolen when they’re ‘on the move’. That’s not to say BYOD is not a good idea, particularly if your business is looking to reduce costs, but businesses should be aware of the risks. It’s important to foster a culture that prioritises protective actions, which can help to prevent security breaches and negative impacts, such as reputational damage or loss of business. This is particularly important for small businesses, which may not have the expert personnel in place to set policies and advise on the best steps.
With research from past reports of the state of cyber security amongst UK businesses showing that 43% of cyber attacks target small businesses, no one can afford to ignore their online security. Operating BYOD securely is a two-pronged approach: there are many mobile device management solutions available to businesses with inbuilt security functions – however, it is also up to business leaders to educate their staff about secure online behaviours to mitigate risks of data theft. The following tips can be embedded in BYOD policies, as well as staff training.
Cyber security behaviours that help to protect business and personal devices, advised by the National Cyber Security Centre (NCSC), include:
- Use a strong, separate password for your email account
Advise your staff to create strong, separate passwords for their email accounts, as hackers can use email as a gateway to gain valuable information. The best passwords combine three random words or numbers.
- Always back-up your most important data
Safeguard your business’s most important data by backing it up to an external hard drive or a cloud-based storage system. If an employee’s device is infected by a virus or accessed by a hacker, your data may be damaged, deleted or held to ransom by ransomware, which means you won’t be able to access it. Backing up your data means you have another copy of it and can’t be held to ransom.
- Install the latest software and app updates
Ensure you and your colleagues always download the latest software and app updates on all devices used for work – whether it’s a work mobile or a home computer. These contain vital security upgrades which protect devices from viruses and hackers. This, according to the National Cyber Security Centre (NCSC), is one of the most important actions people and businesses can take to protect themselves from cybercrime. What takes staff a matter of minutes (often the time to do a tea round) can help protect the assets and reputation of a whole company.
- Secure your tablet or smartphone with a screen lock
Your BYOD policy should also require staff to use a screen lock, which gives devices an extra layer of security: each time they want to unlock a device or turn it on, they will need to enter a PIN, pattern, password or fingerprint. This means if someone gets hold of a device, they can’t access the data without entering one of these credentials.
There is no doubt that BYOD has transformed the world of work, in many cases for the better, but with this change also come new risks. Engaging with these measures – and following the latest advice – is critical. Not only do you have to be robust in your business processes but also in how your team manage their own cyber security. It’s an investment worth making – for minimal time and effort now, you could save your business data – and bottom line – later.
For information on how to build on your business’s cyber aware behaviours, head to Cyber Essentials for further advice.
Hiscox have also collated a wealth of resources for small business owners and employees to encourage higher levels of understanding and proactive defence. You can find these in our cyber security topic page and also in our cyber insurance FAQs.