We use cookies on the site to improve our service. By clicking any link you are giving consent for use of cookies. Click here for more information

Personal Devices

There is an increasing trend towards employees bringing their own devices into the workplace – whether laptop computers, smartphones, tablets or USB-connected storage devices. This practice, known as bring your own device (BYOD) can have pros and cons for both the organisation and the employee, but the fact remains that personal devices pose one of the highest risks to any organisation’s information security. 

Data ownership is fundamental. Allowing employees put company data on a personal device, means a degree of loss of control over that data, compared with retaining it safely within the company … be it a network, in the cloud or on a company-owned portable device. An employee’s device can be difficult to monitor effectively; it can be difficult to know what data is stored on the device if lost or stolen; and when the employee leaves it could be impossible to retrieve the data. It can be difficult to encrypt personal data on an employee device … potentially contravening the Data Protection Act. In addition, if a personal device which is used for work purposes, there is a grey area around who provides technical support … and who pays for it.

You may experience pressure to permit the use of personal devices at work, but you would not procure a new item of equipment for the business without first considering the business case in terms of cost, risk and return on investment.

The Risks

  • Theft of company data by an employee.
  • Loss or theft of company data if the device is lost or stolen.
  • Malicious or inadvertent introduction of malware on to company systems.
  • Loss of compliance with your industry regulations or standards.
  • Spiralling costs for technical support for ‘unknown’ devices.
  • Data limits being exceeded through employees downloading large files (such as movies) via the company network.
  • Employee timewasting through visiting websites / using applications on personal devices.
  • Incompatibility of software products or versions.

Advice on Personal Devices at Work

  • Decide whether it is necessary to allow the use of personal devices in the workplace: does the business benefit outweigh the costs and risks? 
  • If so, decide to what extent should the use of personal devices should be permitted (types of device, for what purpose and by whom).
  • Carry out a risk assessment and ensure that adequate controls are in place to reduce risks to the business.
  • Ensure that personal devices usage is included in your acceptable use policy – for example in employee contracts and staff handbooks.
  • Consider implementing one of the many available mobile device management solutions. 

 

 

 

See also...

 

Data Loss Prevention
Your data is one of your most important assets. Keep it safe.

Software
Stay safe and legal when choosing and using software for your business.

Remote and Mobile Working
Keeping connected away from the office must be secure. Here’s how.

Data Protection Act
The Act carries serious obligations. Make sure you comply. 

Information Access Management
Control who has access to what business data.

Passwords
Choosing and using passwords correctly is very important. 

Physical Security
A few physical security measures to help combat cybercrime. 

Physical Security
Some great tips for looking after your smartphone or tablet.