BYOD for Small Business: How to Protect Employee Personal Gadgets

Security threats associated with employees using personal devices for business purposes (BYOD, bring-your-own-device) are still often overlooked by organizations. A study by Kaspersky Lab * showed that many owners of small companies believe that BYOD does not pose any danger to their business and prefer to save on the protection of mobile devices, while employees consider such protection to be the task of the employer.

Alexander Savushkin, Managing Director of Kaspersky Lab in the North-Eastern Europe Region, Advisor to Commercial Director for Business Development

Small companies are actively using outsourcing, including the rental of infrastructure, free postal services, domains of other companies. Many processes also take place with the involvement of contractors, for example, in the field of accounting and IT administration. Often employees work from home, not from the office. Employees use their mobile phones, tablets and laptops for work allows to significantly reduce the cost of the entrepreneur and not to engage in support and purchase and replace these devices. These devices are often connected to corporate e-mail; contacts of customers and contractors remain on them.

The results of the same study showed that 62% of respondents – both owners and hired employees – use personal mobile devices for work purposes. Based on these numbers, it can be said that BYOD is no longer a trend, but a common practice in business. This applies to companies of almost all sizes, from very large (over 5,000 employees) to small ones (less than 25 employees).

Nevertheless, the attitude towards ensuring information security of devices is still far from the ideal IT approach. According to a study of consumer attitudes to information security, more than half (60%) of respondents are worried about the possibility of spying on them and stealing information through mobile devices, but they themselves do not take active measures for defensive ones, relying on employers on this issue. At the same time, employees often store work files on personal laptops, tablets, and smartphones; they keep working emails on them, and sometimes passwords for work mail or corporate VPNs.

The concept of BYOD is indeed convenient for a business, especially a small one; however, in order for it to be successful, its implementation must take security issues into account, otherwise the entrepreneur risks in case of leakage of confidential information or infection of the corporate network through employees’ mobile devices, losing much more than saved.

Risks of using personal devices at work
First, the employees’ device may be lost or stolen along with all the corporate information that was stored on it, and if it gets “in the wrong hands”, it will leak confidential data;
Secondly, by bringing infected laptops or tablets to work, employees transfer malware to the work network;
Third, employees may unintentionally install dangerous applications or unlicensed software, which, along with the discrediting of the IT infrastructure, violates legal requirements or license agreements.
Perhaps the biggest problem in using mobile devices at work is their insecurity. Research shows that employees rely on employers in this matter. In turn, the interviewed representatives of small business do not see much sense in the additional costs of specialized solutions. More than 80% of respondents were not interested in information about managing the information security of mobile devices.

Of course, there is nothing surprising in the fact that small businesses are forced to save and cut expenses, which may seem unnecessary. But information security should not be related to one of these expenses, as sometimes a single cyber incident – even such a “unwise” as a lost smartphone with valuable data – may be enough to put the entire business at risk or lead to serious financial losses.

We will write some news only for mailing. You will not meet them on the site UBR.ua, and can only receive a letter if you subscribe to us.

Imagine such a case: returning from the office of an important client, the manager of a small advertising agency forgets in a taxi a tablet with the results of the meeting. The next day, the taxi driver hands over the tablet to the pawnshop, and a week later, in the office of the director of an advertising agency, a call rang out with a proposal to buy a device with plans for an advertising company for a new product, while the redemption cost is the company’s quarterly earnings.