BYOD (Bring Your Own Device) is a recent increasing trend towards employee-owned devices within a business. However, this recent trend of IT consumerization, regardless of its advantages, increasingly poses a security risk to organizations when these personal devices are connected to organizations' corporate network or when they access corporate data. Jumia Travel, the leading online travel agency, shares 5 ways BYODs are weakening business data security.
Unguarded Application Usage
If a company owns and controls a device, it is easier for the IT department to determine what applications can and cannot be used on devices. However, with personal devices there are little or no restrictions. Users can install whatever application they desire on their device. This can be a big risk to the organizations security because in the process users can unknowingly install an application designed to steal confidential data from user's device or log keystrokes so attackers can gain users to the key systems.
Local Storage of Confidential Data
While using personal devices to access corporate networks and data, employees tend to store some of these data on their devices, sometimes forgetting to properly encrypt them. These data can easily be stumbled upon by external individuals if the device is lost, stolen or accessed by a non-employee related to the employee.
Incidence of Lost/Stolen Devices
If devices used by employees in your organization are accessed and stored 'in-house" it helps to reduce the incidence of lost and stolen devices. But with the use of personal devices, the incidence of lost and stolen devices eventually becomes quite frequent with employees. Once these devices that have access to your corporate network and data are not properly secured at the time of the theft, confidential information could be leaked or access to your organization's systems could be granted to anyone who has access to the device. This is can indeed be a difficult IT security mess to clean up.
Risk of Non- Employees Accessing Your Network
Many personal devices are used not only by your employees but also by friends, family etc. of your employees. This is a potential security risk because these 'other' users can accidentally open confidential applications or documents, and share, expose or leak confidential information, especially if your employee forgets or fails to logout of a secure application.
Employees tend to connect to internet networks anywhere and at any time with their personal devices - be it at home, in the office, at the airport etc. Some of these networks, especially the public Wi-Fi, cannot fully be trusted, therefore these networks can pose a security risk. If the communication between your employees' personal devices and your company's corporate network is not encrypted, the information from such communication can be intercepted by unfriendly or malicious networks.