Pandemic “quick fix” BYOD strategies are simply not enough in 2022.
BYOD policies have been a hot topic for a while now, even before the pandemic. But now that the new working norm of hybrid and out-of-office working is here to stay, BYOD strategies need to be reconsidered.
Specific examples of BYOD/IT strategies and how these have worked practically, including benefits and drawbacks:
BYOD (Bring Your Own Device) strategies usually work best for organisations when they are limited to mobile phones. After all, the days when employees had a company mobile phone are coming to a close, and for good reason. Most people have their own personal mobile device that can be used for work tasks, so why have two phones?
Indeed, the rise of ‘soft phones’ means that giving out a mobile number instead of a business number is no longer necessary when dealing with corporate calls or texts. This allows businesses to keep better control of their telephone numbers, which are, in effect, company assets.
Some employees might also feel reluctant to use their phone data for business activities, although this issue has started to fade as most phone contracts now include unlimited calls and data bundles. Whilst businesses don’t need to cover the whole cost of data and calls, providing a nominal allowance can be a good way to deal with any reluctance.
Is there a flexibility versus security consideration to be had, or is this a false dichotomy?
For a large percentage of workloads, the security that can be implemented on company devices is often significantly greater than on a personal device. However, if businesses want to find a balance between flexibility and security, one option is to choose a CYOD (Choose Your Own Device) strategy, which gives employees a feeling of choice but one that is balanced by the secure controls required by an employer.
That said, we would expect BYOD strategies to be more widespread across businesses in the coming years. This is because more and more applications and systems are becoming either web or cloud-only solutions, particularly as interoperability and usability improve to support a hybrid workforce. Until then, the application stack in organisations isn’t quite where it needs to be.
Why are pandemic “quick fix” BYOD strategies not fit for purpose in 2022?
When the pandemic first hit, many organisations rushed into a quick fix by making BYOD arrangements in a bid to keep their staff and their business operating. However, a substantial number of companies simply haven’t re-evaluated their risk profiles since implementing these systems, nor have they evaluated the technical and policy-based controls that are required.
This is a significant concern that organisations should look to address urgently, alongside other measures they should consider taking, such as a review of methodology and ideally bringing in a formal IT security governance framework, such as ISO 27001 or IASME.
How can attackers take advantage of vulnerabilities and misconfiguration in devices and networks?
Any significant holes in an organisation’s security will be found and exploited by attackers in the current cyber threat landscape. These vulnerabilities may be as small as a simple missing security patch, an insecure home or public WiFi network, a misconfigured local firewall, or even an employee who is unaware of current threats. Whichever gap in security it is, a hacker or one of their automated systems will find it, especially as they are incentivised by financial gain. Indeed, the global cybercrime industry is now worth over £6 trillion – three times the size of the crypto market, so companies have everything to gain from investing in their IT security to protect them from cyber threats.