- Created: Wednesday, 19 May 2021
- Written by Tim Nicholls
It has become more common for businesses to allow their users to access their email, calendars or other services such as Microsoft Teams, through a personal mobile phone, tablet or other device, usually referred to as “Bring Your Own Device” (BYOD). It has become increasingly popular because people don’t want to carry a work and a personal device, but do want the convenience of being able to stay in touch on-the-go. The increase in remote working as we have navigated the restrictions imposed by COVID-19 has added to the popularity, and companies have appreciated not having the extra expense of providing these devices to their users.
However there are risks:
- If the device is lost or stolen, it opens up a backdoor into the organisation.
- The device may also have malware acting as a backdoor.
These backdoors are sold to organized crime who have the resources to exploit them. They will deploy ransomware, steal your information, leak it to your competitors and it will cost a fortune.
There are steps a company can take to mitigate these risks, such as implementing an Acceptable Use Policy and using a Mobile Device Management (MDM) system. A properly configured MDM will:
- Secure the device with a PIN or other screen lock
- Ensure the device is encrypted
- Enforce Multi-factor Authentication
- Remove apps or data relating to the business when the user leaves, or if the device is reported lost or stolen
- Define a subset of services that can be accessed from a personal device and restrict access to highly confidential services and data
- Inventory the devices that are connected to your systems
- Audit and update the policies. Device capabilities change over time and what was once appropriate may have been superseded
Contact us to make sure your organization is set up to use personal devices safely.