Skip to content


Are BYOD Practices Putting Your Business at Risk?

Are BYOD Practices Putting Your Business at Risk?

In our hyper-connected world, most of us have experienced some degree of blurring between “work” and “personal” spheres. An example of this phenomenon is bring-your-own-device (BYOD) work practices, which refers to the use of personal devices for work purposes. Although BYOD was initially somewhat controversial, it is now the norm rather than the exception. In fact, 83% of companies now allow at least some use of personal devices for work purposes1. As BYOD creates distinct cyber security risks, it is important to understand the nature of those risks and how to contain them.

Why Have So Many Employers Adopted BYOD?

Before discussing risks, it is worthwhile to consider the reasons that BYOD has become so prevalent. One of the main reasons that BYOD has taken off is because it enhances job satisfaction for employees who have strong device preferences—and this is a sizable portion of the workforce. Specifically, 50% of employees over the age of 30 expressed a strong preference for their own devices over those provided by their employer2.

Use of personal devices can also cut costs and create efficiencies for employers. Whether employees are working remotely or in the office, using familiar equipment is less stressful and reduces the time a company must invest in device-related training and troubleshooting. It also increases productivity by making it easier for employees to keep working while away from their desks; on average, a BYOD employee puts in an extra two hours each day3.

Cost savings of BYOD are also attractive to employers, especially to small and medium-sized businesses (SMBs) that have limited budgets. Studies have demonstrated that BYOD practices may save a company $350 to $1,300 per employee, per year4. Given these clear benefits, it’s easy to see why BYOD has caught on so widely; however, with these benefits come distinct cyber security risks.

How Does BYOD Create Cyber Security Risks?

In spite of the benefits, BYOD practices introduce a higher degree of cyber risk for businesses. This is because every device that connects to a company’s network (i.e., every endpoint) creates a new point of vulnerability for hackers to exploit. Illustrating this risk, 51% of data breaches have been attributed to employees’ personal devices5. Risk emerges from multiple points:

  • Unmanaged devices: The term “shadow IT” refers to employees’ use of devices, software, and applications for work purposes without the knowledge of the employer. Shadow IT creates risk because if a company isn’t aware that a device is being used for work, then it cannot implement normal precautions (e.g., anti-malware software). When polled, 17% of employees admitted to using their cell phones for work without telling their employer6. It only takes one point of vulnerability for a data breach to occur, making this a considerable threat.

  • Lax personal device security: Although your company might require strong passwords and multifactor authentication, employees may be less stringent with security practices for their own devices. Many employees may even store company passwords in unsecured notes apps on their mobile devices. If an employee’s personal device is hacked, this gives the hacker easy access to business networks and data.

  • Malware: Another point of vulnerability is downloads; when using personal devices, employees may unwittingly download files or programs that contain malware. Malicious code can then be spread to the company network the next time the employee logs in from their device.

  • Device loss: Another source of risk is device loss, as employees are more likely to carry personal devices around with them than company-issued devices. This makes personal devices more likely to be lost, increasing the chances of business data falling into the wrong hands.

Cyber Defense Strategies for BYOD-Related Risks

Whether your business formally sanctions BYOD practices or not, enacting protective strategies is the safest option. Here are important methods to consider:

  • Managed endpoint detection: To recognize threats to your company’s network, it is necessary to first identify all endpoints. Keeping track of all personal devices manually is time-consuming and prone to error. With managed endpoint detection, however, any new devices that access your network are automatically detected, whether the employee has informed you of their intent to use the device or not.

  • Managed endpoint monitoring: In addition to detecting endpoints that are logged into your business network, it is important to proactively monitor for suspicious behavior or indicators of malware. With managed endpoint monitoring, any malicious activity is detected immediately, triggering an appropriate response such as logging the user out and issuing alerts.

  • Patch management: When vulnerabilities are identified in operating systems, software, or applications, patches that resolve them are issued. Because cyber criminals can exploit these vulnerabilities to hack into business networks, it is essential that patches and updates be installed immediately. With the expanded attack surface BYOD creates, falling behind on updates is a recipe for disaster.

  • Vulnerability scanning: In addition to endpoint detection, it is also important to routinely scan all endpoints on the network edge for vulnerabilities. With an ever-changing collection of personal devices accessing your network, spotting areas of vulnerability and addressing them promptly is sound practice.

  • Employee security awareness training: Your employees are the #1 source of cyber risk to your business, making cyber security awareness training essential in a BYOD environment. When employees are equipped to make smart choices, the whole business benefits.

With a range of solutions to defend against cyber threats of all types, NexusTek supports SMBs to take advantage of the benefits of BYOD practices while maintaining a robust cyber security posture.

Would you like to learn about cyber defense strategies to protect against BYOD-related risks?


  1. Kolmar, C. (2022, October 17). 26 surprising BYOD statistics [2023]: What to know for your business. Zippia.
  2. Bullock, L. (2019, January 21). The future of BYOD: Statistics, prevention and best practices to prep for the future. Forbes.
  3. Kolmar, C. (2022, October 17). 26 surprising BYOD statistics [2023]: What to know for your business. Zippia.
  4. Barlette, Y., Jaouen, A., & Baillette, P. (2021). Bring Your Own Device (BYOD) as reversed IT adoption: Insights into managers’ coping strategies. International Journal of Information Management, 56, 1-16.
  5. AT&T. (2017). Mind the gap: Cybersecurity’s big disconnect–The CEO’s guide to cybersecurity.
  6. Kolmar, C. (2022, October 17). 26 surprising BYOD statistics [2023]: What to know for your business. Zippia.