Are BYOD Practices Putting Your Business at Risk?

READ TIME: 4 MIN

June 1, 2022
(Updated May 6, 2023)

Are BYOD Practices Putting Your Business at Risk?

In our hyper-connected world, most of us have experienced some degree of blurring between “work” and “personal” spheres. An example of this phenomenon is bring-your-own-device (BYOD) work practices, which refers to the use of personal devices for work purposes. Although BYOD was initially somewhat controversial, it is now the norm rather than the exception. In fact, 83% of companies now allow at least some use of personal devices for work purposes¹. As BYOD creates distinct cyber security risks, it is important to understand the nature of those risks and how to contain them.

Why Have So Many Employers Adopted BYOD?

Before discussing risks, it is worthwhile to consider the reasons that BYOD has become so prevalent. One of the main reasons that BYOD has taken off is because it enhances job satisfaction for employees who have strong device preferences—and this is a sizable portion of the workforce. Specifically, 50% of employees over the age of 30 expressed a strong preference for their own devices over those provided by their employer².

Use of personal devices can also cut costs and create efficiencies for employers. Whether employees are working remotely or in the office, using familiar equipment is less stressful and reduces the time a company must invest in device-related training and troubleshooting. It also increases productivity by making it easier for employees to keep working while away from their desks; on average, a BYOD employee puts in an extra two hours each day³.

Cost savings of BYOD are also attractive to employers, especially to small and medium-sized businesses (SMBs) that have limited budgets. Studies have demonstrated that BYOD practices may save a company $350 to $1,300 per employee, per year⁴. Given these clear benefits, it’s easy to see why BYOD has caught on so widely; however, with these benefits come distinct cyber security risks.

How Does BYOD Create Cyber Security Risks?

In spite of the benefits, BYOD practices introduce a higher degree of cyber risk for businesses. This is because every device that connects to a company’s network (i.e., every endpoint) creates a new point of vulnerability for hackers to exploit. Illustrating this risk, 51% of data breaches have been attributed to employees’ personal devices⁵. Risk emerges from multiple points:

Unmanaged devices: The term “shadow IT” refers to employees’ use of devices, software, and applications for work purposes without the knowledge of the employer. Shadow IT creates risk because if a company isn’t aware that a device is being used for work, then it cannot implement normal precautions (e.g., anti-malware software). When polled, 17% of employees admitted to using their cell phones for work without telling their employer⁶. It only takes one point of vulnerability for a data breach to occur, making this a considerable threat.
Lax personal device security: Although your company might require strong passwords and multifactor authentication, employees may be less stringent with security practices for their own devices. Many employees may even store company passwords in unsecured notes apps on their mobile devices. If an employee’s personal device is hacked, this gives the hacker easy access to business networks and data.
Malware: Another point of vulnerability is downloads; when using personal devices, employees may unwittingly download files or programs that contain malware. Malicious code can then be spread to the company network the next time the employee logs in from their device.
Device loss: Another source of risk is device loss, as employees are more likely to carry personal devices around with them than company-issued devices. This makes personal devices more likely to be lost, increasing the chances of business data falling into the wrong hands.

Cyber Defense Strategies for BYOD-Related Risks

Whether your business formally sanctions BYOD practices or not, enacting protective strategies is the safest option. Here are important methods to consider:

Managed endpoint detection: To recognize threats to your company’s network, it is necessary to first identify all endpoints. Keeping track of all personal devices manually is time-consuming and prone to error. With managed endpoint detection, however, any new devices that access your network are automatically detected, whether the employee has informed you of their intent to use the device or not.
Managed endpoint monitoring: In addition to detecting endpoints that are logged into your business network, it is important to proactively monitor for suspicious behavior or indicators of malware. With managed endpoint monitoring, any malicious activity is detected immediately, triggering an appropriate response such as logging the user out and issuing alerts.
Patch management: When vulnerabilities are identified in operating systems, software, or applications, patches that resolve them are issued. Because cyber criminals can exploit these vulnerabilities to hack into business networks, it is essential that patches and updates be installed immediately. With the expanded attack surface BYOD creates, falling behind on updates is a recipe for disaster.
Vulnerability scanning: In addition to endpoint detection, it is also important to routinely scan all endpoints on the network edge for vulnerabilities. With an ever-changing collection of personal devices accessing your network, spotting areas of vulnerability and addressing them promptly is sound practice.
Employee security awareness training: Your employees are the #1 source of cyber risk to your business, making cyber security awareness training essential in a BYOD environment. When employees are equipped to make smart choices, the whole business benefits.

With a range of solutions to defend against cyber threats of all types, NexusTek supports SMBs to take advantage of the benefits of BYOD practices while maintaining a robust cyber security posture.

Would you like to learn about cyber defense strategies to protect against BYOD-related risks?

References:

Kolmar, C. (2022, October 17). 26 surprising BYOD statistics [2023]: What to know for your business. Zippia. https://www.zippia.com/advice/byod-statistics/
Bullock, L. (2019, January 21). The future of BYOD: Statistics, prevention and best practices to prep for the future. Forbes. https://www.forbes.com/sites/lilachbullock/2019/01/21/the-future-of-byod-statistics-predictions-and-best-practices-to-prep-for-the-future/?sh=3f62f1501f30
Kolmar, C. (2022, October 17). 26 surprising BYOD statistics [2023]: What to know for your business. Zippia. https://www.zippia.com/advice/byod-statistics/
Barlette, Y., Jaouen, A., & Baillette, P. (2021). Bring Your Own Device (BYOD) as reversed IT adoption: Insights into managers’ coping strategies. International Journal of Information Management, 56, 1-16. https://doi.org/10.1016%2Fj.ijinfomgt.2020.102212
AT&T. (2017). Mind the gap: Cybersecurity’s big disconnect–The CEO’s guide to cybersecurity. https://www.business.att.com/content/dam/attbusiness/reports/cybersecurity-report-v6.pdf
Kolmar, C. (2022, October 17). 26 surprising BYOD statistics [2023]: What to know for your business. Zippia. https://www.zippia.com/advice/byod-statistics/

Share On Social

June 1, 2022

NexusTek Honored on CRN’s 2022 Solution Provider 500 List

Recognized as a leading solution provider for the fourth consecutive year

Denver, CO, June 1, 2022 — NexusTek, a top national cloud, managed IT services, and cyber security provider, today announced that CRN^®, a brand of The Channel Company, has named NexusTek to its 2022 Solution Provider 500 list.

CRN’s annual Solution Provider 500 ranks North America’s largest solution providers by revenue and serves as the gold standard for recognizing some of the channel’s most successful companies. With a combined revenue of more than $434 billion, this year’s list represents an impressive amount of influence and impact wielded by these companies on today’s IT industry and the technology suppliers they partner with.

“NexusTek is honored to be recognized on CRN’s 2022 Solution Provider List,” said Scott Ray, Chief Operating Officer of NexusTek. “At NexusTek, we place our customers’ success and satisfaction above all else, allowing their needs and priorities to drive our strategic solution offerings and customer service provision. We believe that our own success, evidenced by our inclusion on CRN’s SP500 for four years running, demonstrates the importance of making customer service the core of our values and actions. We plan to continue in this direction, evolving as a solution provider as our customers’ needs require.”

“The Solution Provider 500 list from CRN serves as the benchmark for the top technology integrators, strategic service providers, and IT consulting firms, making it an invaluable resource for technology vendors seeking to partner with today’s top-performing IT solution providers,” said Blaine Raddon, CEO of The Channel Company. “My congratulations go out to each of these companies for their extraordinary contributions to the continued growth and success of the IT channel.”

CRN’s 2022 Solution Provider 500 list is available online at www.CRN.com/SP500 and a sample from the list will be featured in the June issue of CRN Magazine.

With over 25 years of experience, NexusTek provides holistic solutions that combine best-in-class technology and an experienced workforce of highly skilled engineers and IT professionals to design, deliver, on-board, and maintain IT operations for thousands of businesses across the U.S. and Canada.

About NexusTek

Trusted by thousands of small and medium-sized businesses (SMBs), NexusTek is a national managed IT services provider with a comprehensive portfolio comprised of end-user services, cloud, infrastructure, cyber security, and IT consulting. We design holistic solutions for customers that deliver a superior end-user experience, backed by a 24/7/365 domestically staffed support team. NexusTek Managed Service Plans offer end-to-end IT management with fixed-monthly, per-user pricing through which SMBs can leverage helpdesk, backup, disaster recovery, dedicated engineers, security, 24×7 remote support and network monitoring services while creating predictable IT budgets.

About The Channel Company

The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education, and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers, and end users. Backed by more than 30 years of unequaled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace. www.thechannelcompany.com

The Key to a Secure and Efficient Hybrid Workforce

The State of AI for Businesses: Top Strategies and Risk Concerns

Cyber Risk & Your Supply Chain: Managing the Growing Threat