bring your own device

Security Concerns for Personal Devices in the Workplace (BYOD)

Russell W. Gilmore, CISSP, CISM, EnCE Security Program Development


bring your own deviceWe first addressed personal devices in the workplace back in 2018. That seems like such a long time ago now.

With record numbers of employees now working from home due to COVID, how should we think about personal devices in the workplace? What are some of the security concerns that you should address?

When work occurs on personal devices, how can it affect the security of company electronic data?

  • Employees may not have effective antivirus software, firewalls, or other specialized security software installed on their devices.
  • Employees may not allow the company access to their device for security reasons since wiping an employee’s device may erase all information on the device, both business and personal.
  • Certain software systems on a personal device may not be compatible.
  • Employees often work at outside Wi-Fi locations that are not secure and are vulnerable to attack by others.
  • Devices used by employees can be stolen, lost, or damaged.
  • Employees can take pictures or videos of information that may be proprietary to the company.
  • Employees may allow other people to access their device, putting sensitive data at risk.

What is your organization doing to protect company information on personal devices?

Few companies have considered all the vulnerabilities that exist in an open bring your own device (BYOD) environment. Consider for a moment companies that have experienced a security breach. How easily could this happen at your organization because of a breach through a company-owned device with insufficient security controls in place? How easily could a breach occur through a device owned by an employee who does not think security is important or who has inadequate controls in place? The costs and recovery from of a security breach in time, resources, and reputation is significant.