Personal Devices and Business Security
Personal devices and business security are rarely considered safe to mix. It comes down to the difference between careful and casual. With workplace computers, software, and the work network, professionals must know how to be very careful about what they do and click. Employees keep company data safe by not browsing the open web or conducting social media on their work devices. Personal devices are another story. Your team must be free to use their personal phones for personal use, and casual use tends to equate to daily efficiency. Even if that means wiping the occasional malware bug.
This is exactly why employers have been careful about letting employees use personal devices for work purposes or on the work network. Many businesses provide a secondary wifi network for personal devices, separate from the network for secure business matters. You may ask employees not to use their phones during work hours or only allow the use of provided work phones and laptops. If your business does have a BYOD (bring your own device) policy, there are likely careful IT protocols in place for self-used devices.
Remote Work and the Use of Personal Devices
With the sudden need to send most of your workforce to work from home, there is a new question of data security and personal devices. When employees work at home, they will inevitably use their personal devices for both work and personal purposes. They are likely already using home computers and laptops, often shared with the entire family with or without secure user logins. This can lead to two different types of data breaches. One is carelessly exposing work applications and files to malware, the other is unsecured access from family and house guests.
So how do you keep company data safe from malware and unauthorized eyes while your employees work from personal devices at home? Let’s examine the leading personal device policies that can secure your data, along with their pros and cons for both the company and your at-home team.
Company-Provided Devices Only – No Personal Device Use Permitted
The strictest policy that you can implement is to require employees to only use company-provided devices. With this method, you can have complete control over which operating systems are used, what is installed on the devices, and send each device with security programs to help ensure that all work on these devices is private. You can use this method to monitor or limit employee activities on provided devices or help employees use account separation if work-provided devices are sometimes used for personal work.
The pro of only allowing employees to use company devices is the highest possible security. You can, if you choose, take almost complete control of the devices. What is installed, what is limited, and availability for remote maintenance from your IT team. You can also justify asking your team not to use their devices for personal use, and instead use only their personally purchased and maintained devices for things like social media and movie streaming with the family. You can also install trackers and kill switches in case of theft before the devices leave your office.
The cons of company-only devices at home are easy to quantify. The first is the cost for the company to provide all of the devices needed for your team to work at home and the time to prepare their devices for secure use. Of course, if you were already going to provide a full coverage stipend for devices, then sending devices adds very little to that existing budget.
The second con is logistics. In addition to shipping and delivery confirmation, it will also require tight software control to fully prevent at-home teams from using work devices for personal activities.
Only Approved Work Apps and Logins Allowed – Personal Device but Not Personal Methods
Another approach is purely software. You may choose to allow your team to use personal devices, but only to handle work data on the exact apps and programs that you provide. Send links and provide the logins necessary to access work accounts and work tools. You choose the secure programs with end-to-end encryption and two-factor authentication logins to help your employees avoid using or finding unsecured apps to do their work with.
BOYD with approved login apps is the lowest cost approach to employee home device security. However, you can side-step many of the security risks by limiting work data to business-quality secure applications. The key is to choose software that truly improves the workflow of your team so that they don’t seek outside apps to improve their efficiency – whether or not those apps are secure.
The software-only approach is also the most versatile, allowing your team to use the devices they prefer or have access to, and even borrowed devices with the right programs installed.
The con is that without control over employee devices, there’s no absolute guarantee that they will keep company data inside the approved apps. Copy-paste is still a riskily easy function to use. If the programs you choose do not create a productive and easy workflow, then your team – especially at home – will seek their own tools to make their work better without a full understanding of the security requirements.
One to Two Personal Devices Permitted – If Inspected and Security Apps Installed
Your third option is to allow personal devices, but only if those devices have been through the hands of IT first. You can ask employees to have their devices scrubbed of any existing questionable programs and then install tracking and security programs. This combines the two methods of device control and software control. While your team can bring their own devices, you are treating these devices as if they were company devices with company-installed protections and rules.
The pros are cost-effectiveness and versatility. Your team will be able to use the devices of their choice while your company does not need to cover the cost of new devices for each team member. If your team is comfortable with this approach, it can be a great compromise solution for remote device security
The cons, however, are also easy to see. This is the most invasive method in which the company takes control of employees’ personal devices. Tracking software can be controversial and you will need to carefully stay within the bounds of the law on collecting location data and tracking your employees’ personal activities. Employees may be uncomfortable with submitting their devices to company control and oversight.
Which is the Right Device Solution for Your Business’ Remote Security?
These three options encompass the spectrum of choices your business can choose from for remote team security. Of course, you don’t have to mimic any one model. Most businesses devise a balance of device, software, and data control to help remote team members maintain company cybersecurity measures. For more insights into remote security and how to build a productive solution that your team will both respect and enjoy, contact us today!