Private equipment at work. Convenience or threat to the company?

The use of private devices at work increases the risk of cyber attacks. Companies must strengthen protection and adapt their security policies.
The Bring Your Own Device (BYOD) strategy, in which employees work on their private devices, was considered a modern and convenient approach: flexible for the employee, cheaper for the employer. It also eased the transition to a model of remote and hybrid work, especially during the pandemic. Today, however, in the face of growing cyber threats and an unstable geopolitical situation, the use of private devices to handle company data raises more and more concerns.
The BYOD strategy raises more and more concerns
According to experts, the basic problem with BYOD is simple: the company does not have full control over a private device on which its data is processed. Even when security policies and procedures are implemented, a private phone or laptop remains beyond the direct management of the IT department.
– In practice, the BYOD strategy has a number of defects, the most serious of which relate to the area of cybersecurity. If an employee uses a private device, the company has no guarantee that the system and applications are systematically updated, which is the basis for security requirements – explains Robert Ługowski from Safesqr.
As he notes, the employee may unknowingly expose the company to serious threats.
– They can freely install unauthorized or unknown software from unknown sources, neglect antivirus protection, use weak passwords or store them without protection. At the same time, skipping just one of these basic security elements is enough to give cybercriminals access to the company’s infrastructure. In addition, some applications may be free for home use, but their use for commercial purposes requires the purchase of a license, which can potentially expose the organization to legal problems – explains the expert.
BYOD – cyberattacks increasingly frequent
Cyber security is becoming a priority for companies today, especially since modern threats are no longer limited to classic viruses or phishing.
– Until recently, such situations concerned US companies; now, more and more often, they concern companies from Europe, including Poland. One person acting in this way can be responsible for many false identities, and can operate against and pose a threat to many different companies. The targets of such activities are not only public institutions, but also private companies, especially from strategic industries: energy, industry, transport, logistics or IT – notes Ługowski.
An increase in the number of cyber attacks and data breaches is already driving the BYOD security market
– In conditions of global uncertainty, companies must think like strategic institutions: protect not only data, but also their reputation, know-how, and often also their clients – says the expert.
He adds that, with tensions between countries constantly growing, geopolitics becomes a real threat in the context of BYOD: digital spies have the support of applications aimed at collecting certificates and data.
– Tools prepared by state actors are very often sophisticated, and detecting them may only be possible with a whole range of measures, from the security of workstations, through network traffic, to servers. The lack of one of these elements can hinder the detection of hostile activity or prevent it completely. Some support is provided by regulations such as NIS2, which introduce the necessary cybersecurity framework, for example a risk analysis that makes it possible to identify the most important risks and the preventive and mitigating measures – he notes.
How to ensure cybersecurity?
As experts emphasize, from an IT perspective the BYOD strategy means management problems: various operating systems, a lack of standardization and non-standard applications hinder control. BYOD also favors the phenomenon of “shadow IT”, i.e. the use of tools not authorized by the IT department. Even with certain security rules in place, an employee with administrator rights can easily get around them. In addition, new safeguards, such as multi-factor authentication, can be illusory: if, for example, the code goes to a private, infected phone, it can be intercepted.
Sometimes the best and, in the long term, cheapest solution turns out to be a return to company devices: centrally managed, secured and with restricted application installation. This is particularly important where sensitive data, customer trust or competitive advantage are involved.
According to Robert Ługowski, this does not mean the end of BYOD.
– The use of private equipment by employees for performing tasks can still function, but a new approach is needed here. The priority should be not savings, but taking the high risk into account and investing in training, monitoring and the development of security policy – he concludes.