BYOD: risks and rewards

Bring-your-own-device policies have been popular since the 2010’s, and they became even more common during the pandemic work-from-home boom. Employers like BYOD because it saves them the cost of purchasing devices (especially cell phones) for their workforce. Employees like them because they get to work on the devices they’re comfortable with. But BYOD comes with some tradeoffs.

Usually, BYO-devices are considered unmanaged, because they’re not enrolled in a company’s MDM, and are therefore outside of the control of IT and security teams.

Unmanaged BYOD presents serious security risks, including:

• Data leakage: IT can’t monitor downloads or data transfer
• Malware: These devices may not be properly patched and lack basic antivirus protection
• Onboarding/Offboarding: IT lacks the ability to remotely configure or wipe these device
• Credential-based attacks: Bad actors can use stolen employee credentials to log in from unknown devices

To maintain a safe BYOD policy, you must address (or at least acknowledge) these risks

‍