BYOD strategy for Small Business
With employees working from home in greater numbers and BYOD (bring your own device) culture often deemed as a benefit of employment, now is the right time to discuss using company-allocated devices vs. personal computers for work. Here are the benefits, trade-offs, and cybersecurity concerns.
The perceived benefits of Using Personal Computers for Work are as follows:
* Most workers aged thirty or younger believe their personal devices are better for productivity than their work ones.
* Companies can save on Capex costs for every employee who uses their own devices for work.
* Employees with BYOD devices can be onboarded quicker with less fuss and overheads.
* The worker gets the comfort of working with a familiar device so the company receives a little extra productivity and worker satisfaction.
* It is not economically viable to supply company-owned assets for part-time staff, volunteers, or contractors.
However, BYOD culture opens some serious downsides:
* There is an increased risk of cybersecurity threats.
* The company no longer has complete control over the environment in which sensitive — and potentially classified.
* Who else has access to the machine in question besides the employee?
* How conscientious are the employee’s password hygiene and web-browsing habits?
* How frequently are the machine’s applications and operating system updated?
* What antivirus and anti-malware software is installed?
Companies considering any form of bring-your-own-device culture must weigh the risks of device loss and data exposure against the potential advantages of BYOD for the company and the workforce. Many small businesses will be uncomfortable with such risks and exposure; therefore, the deployment of company-owned assets should be seen as the primary choice.
There may be industry-specific certifications and cybersecurity standards to weigh as well. If you have ambitions of becoming a government contractor, some cybersecurity maturity certifications may have restrictions that preclude using personal devices.
Here are a few other cybersecurity and security concerns worth considering before considering BYOD.
The potential productivity benefits of using PCs for work may vanish if employees’ machines aren’t up to the task. In addition to running antivirus and anti-malware software in the background, employee devices must capably perform and multitask at the same level as company-owned items or else productivity will suffer.
Conducting regular backups of personal computers’ content is one of the most basic tenets of using a PC safely. However, should the company back up personal files alongside its IP if someone uses their own device for work? This may be a delicate matter for some employees, which means there needs to be a clear set of expectations before they begin using personal computers for work.
Support and repairs
Repairing computers can be a weak link for cybersecurity. There may be spans of days or weeks where the machines are outside your control and the chain of custody is unclear. For example, does the employee take the device to your company’s IT support team for service or to the original equipment manufacturer? Moreover, what is the process for repairing computers containing sensitive data? Overall, is it the device owner’s or your IT team’s responsibility?
Chain of custody
Finally, how can you track the chain of custody before and after the device leaves the company's hands? If your teams use their personal computers for work purposes, it will require extra precautions. While your business may save some money by letting employees use their own devices, you may also lose out if that same device gets hacked or loses client information. Staying safe means every party needs to be aware of the potential risks and know how to do their part to mitigate them.
If you decide to allow staff to use their personal computers in the workplace, then it is essential that you have a BYOD policy. A BYOD policy outlines how your employees can use their personal devices (e.g., smartphone, laptop, iPad) for work-related tasks. If you expect or allow employees to use their own devices, it can open your organisation up to a world of ‘what ifs’ like should they be using their personal number for work? There are a lot of grey areas, and a BYOD policy’s main job is to give clarity on expectations, protections, and limits – for both the employer and the employee.