BYOD Pitfalls During COVID-19 and How They Can Be Reduced

Photo by Frank Vessia on Unsplash

Bring your own device, also known as BYOD, is a concept that Intel embraced in 2009. Today, regardless of the size of the company, over half of them have BYOD in place.

BYOD is a concept that is widely recognized today, such that small businesses, corporations, and even schools have it in place.

Although there are many advantages to having BYOD in place such as lower costs and increased productivity, security is the biggest problem with it.

We are seeing many of its pitfalls since the quick shift to remote work due to COVID-19. The pitfalls have increased drastically as cyber criminals are taking advantage of the fact that people around the globe are now working from home likely using personal, unsecure devices.

This is an eye-opening situation for businesses everywhere and an important lesson as to why companies should implement cyber security practices to avoid crises such as this one. It is now costing companies much more than they would have spent to protect their data and intellectual property to begin with.

With companies using BYOD especially in a time like today, how are they going to keep all their data safe? This is why we are seeing more intellectual property cases.

Here are the common pitfalls that companies and individuals are facing after COVID-19 themed attacks and how they can be reduced:

1. Data Leakage or Breach

This is a common issue companies and individuals face. Data breach cases have spiked since COVID-19, and companies of all sizes are at risk. Recently, Canada’s third largest university, York University, suffered a serious cyber-attack. This shows that even big institutions with secure networks are not safe.

There are ways to minimize by the proper use of mobile device management, data provisioning, VPN, or geo location.

  • Mobile device management: A software that is used to securely manage a company’s private information and remove it from a device if the need arises.
  • VPN: A secure channel between two networks to add an extra layer of security.
  • Data provisioning: Limiting the data employees have access to. For example, not everyone should have access to the accounting information.
  • Geo location: This Ensures that you cannot access the company’s data unless you are in a location that is authorized. For example, some policies only allow you to access data if you are device is located in the Canada.

2. Malware and Virus

Yet another issue with BYOD is the risk of viruses. Downloading files, apps, or programs on unsecure devices present huge risks of malicious activity on your device. A recent McAfee report showed that COVID-19 related malware has spiked and there has been an increase from 1600 to 39000 bogus websites.

The risk of viruses can be minimized by updating devices, app permission auditing and app blacklists.

  • Updating devices: This is the most critical method as it can make or break a security system. Upgrading your system can prevent a cybercriminal from accessing your personal information.
  • App permission auditing: Ensuring that certain apps only have access to certain commands on your phone. For example, a voice recording app shouldn’t have access to your email or location.
  • App blacklists: You can block apps to be installed on a personal device too, so it does not compromise company data.

3. Lack of Device Management

Device management is an on-going practice that companies should have in place. Clearing, securing, and monitoring devices frequently has been essential now more than ever before.

Device management can help to secure BYOD devices by using mobile data wiping, on device data security, and monitoring devices.

  • Mobile data wiping: Ensuring you clear and remove personal data and information by wiping it means the data becomes unrecoverable. 
  • On device data security: This is a way to ensure mobile or portable devices are secured by requiring that strong passwords and biometrics are enabled before allowing access to company data. 
  • Monitoring devices: Tracking how devices are being used, who uses them, and for what purpose.

4. Lack of Testing

System testing such as penetration testing examines the security of the system and it can be costly, but it could uncover vulnerabilities before cyber criminals exploit them. Companies often don’t pay attention to their security practices until something goes wrong, but this should be performed regularly.

Article written by:

Farah Khan,

Writer, Multimedia Content Creator & Digital Marketing Specialist