It has become very common for employees to bring their own devices to the office for their workflow. Although it might be convenient for the employee and often the employer, BYOD risks are real.
Attaching any device onto your internal network creates a doorway into that network. If the device is not properly defended, then this can be a convenient way for hackers to get access to your infrastructure. Not to mention the more mundane attacks such as phishing, which has seen 43% of employees being targeted on average.
Why the Surge in BYOD Risks?
The work from home culture has really fanned the flames of the BYOD – bring your own device – age. Many employees became accustomed to using their own devices for work at home; when they re-entered the office, they brought those devices with them.
On top of this, consumer devices are just more capable, affordable, and transportable than ever. Many employees now do work off their smartphones, because many of them are just as capable as computers.
This transition is likely not going to slow any time soon. In fact, likely more consumer end-point devices will be brought into the workplace. So, managing these devices will be very important for securing the future of your IT infrastructure.
How Employees Use Home Devices at Work
There are common tasks that employees use their home devices for. Here is a rough breakdown:
- 66% Used their own texting apps for work-related purposes
- 59% Used their personal direct messaging apps for work
- 57% occasionally used their work email for personal reasons.
This is not such a big deal. However, there are real risky behaviors that employees partake in when mixing together their digital lives. The most shocking is that:
- 71% of employees store sensitive work passwords on personal devices.
It’s important to recognize that this is not all the employee’s fault. It is now getting more common for employees to be required to install work-related applications.
The Many BYOD Security Risks
Having 71% of employees store work related credentials on their personal phones is scary. It becomes even more threatening when you learn that 43% of employees were the target of a phishing attack. This can compromise valuable organizational credentials.
Mixing digital worlds can introduce new threats, as 95% of security experts say that phishing attacks via personal messaging platforms are growing rapidly.
In addition, when you blur the lines between work and personal life, employees tend to use personal passwords at work. This is horrible practice, as a lot of personal passwords have been compromised at one point or another, and their reuse at work will make them an easy target.
How BYOD Takes Security Out of Your Hands
There are a lot of potential concerns which come about from having too many personal endpoints on your network. Liability issues start springing up, and a certain element of control gets shifted away from the administrators.
For instance, there can no longer be such a fine-grained deployment of policies. 2FA is much harder to set up when the end user is in an out of the office. They can uninstall any application, or install their own potentially malicious apps without warning. There is no way to control the contents of that endpoint.
Also, consider the implications of storing work data on personal devices, especially if it becomes lost or stolen. What if the user disables passwords on their endpoint before this happens, or changes it to something trivial?
90% of admins say that securing personal devices is one of their highest priorities. However, of these individuals, only 63% thought they had the right tools to accomplish the job. Also, 89% of them said that they were uncomfortable with accessing the personal endpoints of their employees.
Moving Onward into the BYOD Age
This transition is unlikely to slow down moving into the future. Therefore, this is an environment we are all going to have to get comfortable navigating. Even with two devices, employees find themselves using personal devices for work and vice versa.
The only way to keep up is to manage every and any endpoint on the network, making the terms very clear to employees. LiveLinx provides managed services including protecting every endpoint on your network with backups, remote monitoring, antivirus, anti-phishing, and more. Contact us to get a free consultation on your organization’s security.