Is BYOD an acceptable Cyber Risk?


BYOD know as Bring Your Own Device is a practice whereby businesses permit the use of employees own laptops, notebooks or smartphones in the working environment.

The cyber risk associated with this philosophy is very real and it is vitally important that this is managed within the businesss.

A survey carried out by Information Security last year reported that 1 in 5 businesses around the world suffered a mobile security breach. The survey also identified that the main concern of usage of BYOD’s was data leakage or loss.

Did you know that 35% of employees store their work password on their smartphone (Source : SecureEdge Networks)

BYOD Policy

It is crucial that the business has a clear and robust BYOD policy which should include the following:

1.An acceptable use policy that reflects appropriate guidance and accountability with input from other stakeholders of the business.

2.Management of Social Media as it is likely that there will an an increased use of this.

3.The type of personal data that can be processed on the device.

4. Ensure that a back up plan is in place as mobile devices can fail or be compromised.

5.Reporting of incidents in a prompt fashion in order to comply with company policy and to meet any legal obligations.

The Information Comissoners Office provides guidance notes on BYOD which are a good reference point for businesses.

What are the risks?

The main feature of BYOD is that the user owns, maintains and supports the device. As a result of this the data controller will not have as much control as they would should the device be provided by the business.The main concern is the security of the data and this is monitored over a number of devices.

With the focus on data the business should be aware of the following:-

The type of data held on the device

What application data will be held on

How the data will be transferred and asssessment of any possible leakage.

The type of security that is operated under the device.

The line between personal use and business use.

Can Cyber Insurance help?

It is possible for a cyber insurance to provide coverage for cyber risks arising from BYOD devices within a business. Insurers will ask certain risk management questions in order to assess the risk and if acceptable will include this aspect of coverage under the policy.

Image : Shutterstock