The SMB Guide to Securing Employee Personal Devices

Employees want to use their personal devices for work, and while it may save on the IT hardware budget, it can create security risks.

istock 805119394

Trying to stay ahead of cyberattacks is a headache for most organizations. Another pain point is securing employee-owned devices, which puts an additional burden on IT.

As a result, personal devices are often overlooked or protection is limited to the secure business applications that are used on the devices, according to Gaidar Magdanurov, chief success officer at Acronis.

That means that employees are moving company data onto personal devices and sharing it through unsecured channels like personal email or file sharing applications. Or, they are storing information in the device memory outside of the protected corporate application. Although this may be convenient for employees, it creates significant security risks for the small and midsize business (SMB).

The practice of bringing your own device (BYOD) to work has long been a slippery slope. These devices move to and from the protected corporate perimeter and are frequently connected to unsecured public networks — potentially exposing data to third parties, Magdanurov says.

Devices can be lost or stolen, and without a device management solution, the ability to remotely wipe and block them is not an option for IT.

“The bottom line is, the moment the data gets to the employee-owned device, IT loses control over it and can provide little assistance in securing the data and the device,’’ Magdanurov says.

BYOD pros and cons

Most small businesses typically rely on employees using their own devices, as issuing company-owned devices can over-extend the IT budget. In addition to cost savings, another benefit of BYOD is enhanced employee productivity. Individuals who are using their own devices for both personal reasons and work gain greater flexibility.

However, while BYOD lessens the load on device procurement, IT or a managed services provider (MSP) must insist on software that protects those devices, Magdanurov says. That’s because employees have seized on the convenience and sometimes now use multiple devices, which expands the attack surface and creates additional complexity. Also, as remote work skyrocketed during the pandemic, IT organizations saw their controls become loosened.

“Expansion of BYOD and the tendency of employees to disable security controls in their home networks and on their own devices dramatically increased exposure to security threats and increased the burden on IT organizations,” Magdanurov says.

How to seamlessly secure BYOD and protect company data

There are a few steps SMBs can take to protect both employee devices and company data. First, analyze how personal devices are used and which applications and data are needed on those devices, Magdanurov says.

“Then, introduce a policy for BYOD and train employees on the policy. That includes which applications should be used, how the data should be handled, what to do in case of issues with the device, and the procedure to take if the device is lost and stolen,’’ he says.

The BYOD policy should include software tools for:

  • restricting data access and data leak prevention
  • monitoring tools to locate data and provide insights into data access patterns
  • detecting suspicious behavior and preventing access to sensitive data in insecure locations.

Another important step is regular employee security training around phishing. For example, educate workers about how easily hackers dupe individuals into disclosing sensitive information, and the need to be vigilant while on the company network.

“Many organizations forget about training or do it informally,” Magdanurov says, “but employees are vulnerable to security threats, and untrained employees are a much bigger security risk than BYOD.”

Click here to see how Acronis can help Improve your security posture.

Copyright © 2022 IDG Communications, Inc.