Business today is often done on the go. The ability to work from anywhere has driven a shift from company-issued devices to the integration of personal devices—called “bring your own device,” or BYOD—into the workplace. A 2015 survey by enterprise software company Code Rebel and reporting agency BizTechReports found widespread benefits of BYOD, including improvements in employee productivity (90.79%), employee satisfaction (83.01%), customer service (80.13%), team collaboration (78.95%), and others. Plus, after all, who wants to carry a work phone and a personal phone when you can do everything on one device?
But over the past decade, the capabilities of the devices have shifted. “What can be done or what the device can be used for can no longer be mandated by the enterprise,” says Nabil Fanaian, who heads the mobility practice at Falls Church, Virginia, CSC, a technology services provider.
Now, the very innovation that makes it possible to use devices to work from anywhere also pose new threats ranging from lost and stolen devices to breaches and malware. As an employee, here are eight things you can do to protect your employer—and yourself—from BYOD-enabled threats.
Whether it’s a formal document or an informal set of rules of thumb, be sure to connect with the person who manages your company’s IT to get familiar with your organization’s BYOD dos and don’ts, says Adam Salerno, manager of federal accounts at cybersecurity consultancy Veris Group in Vienna, Virginia. It’s basic advice, but the IT department will likely give you a list of precautions and may have tools that you can install on your phone to keep data safe.
One of the biggest threats to company data in a BYOD environment is a lost or stolen device, says Terry Evans, founder of CyberSecurity Biz. When a personal device falls into the wrong hands, company data may be at risk. Evans says there are some simple actions you can take to guard against such threats. If you have an IT department, check if they offer “wiping” apps that can be accessed remotely and can erase or lock your phone. (While Evans doesn’t recommend specific apps, examples of these are Autowipe and Android Lost for Android and Find My iPhone for iOS. These are available in the app stores.) If your device is lost or stolen, report it to your IT department or your own supervisor immediately so the company can be on the lookout for breaches.
Everyone knows the basics of strong passwords, but many people just don’t adhere to those practices. Password-management platform SplashData released its 2015 list of the worst passwords on the Internet—an analysis of roughly 3.3 million leaked passwords for the most commonly used passwords—and “123456” and “password” hold the top two spots, as they have each year since the list started in 2011. Password-protecting various applications on your device—as well as the device itself–will be of little use if those passwords can be guessed in one or two attempts, Evans says.
While many people set their devices to automatically connect to Wi-Fi when it’s available, not all networks are created equal, Evans says. Accessing a network that’s not encrypted can leave you open to hackers and “eavesdroppers” who can gain access to your data and, possibly, your device or cloud accounts. Disable the automatic Wi-Fi connection on your phone and review terms of service when you connect, he says. Look for connections that start with “https://” before connecting, or use your mobile phone to create a secure hotspot before connecting another device.
Devices need virus and malware protection, too, Evans says. (Yes, even Apple devices.) You should have device protection installed and run it regularly. A 2014 survey by Consumer Reports found that only 14% of users had an antivirus app installed on their mobile phones.
When downloading applications, Fanaian warns device users to only purchase apps through approved app stores. “[Hackers and people who want to inject your device with malware] create host mock app stores or websites with ‘free versions’ of applications that normally cost a buck or five bucks in the app store,” he says. In addition, some apps require sweeping access to various data and features on your device, including your camera, contacts, email messages, and others. Ensure that granting these permissions does not also give the app permission to access your company’s data.
Data-sharing platform GlobalScape’s 2014 survey found that 45% of employees have used consumer sites like Dropbox and Box.net to transfer sensitive work files. When using such platforms, it’s critical to create separate accounts and personas, Evans says. When using the same account for work and personal data, it’s very easy to inadvertently share company information with those who should not have access to it.
Many devices today are equipped with comprehensive backup mechanisms. That’s good news for users who want to safeguard contacts, music, and photos. However, such automatic backups can capture company data as well, Fanaian says.
“I think that users need to be very critical of that and say, ‘Do I really want my entire device and all of the applications and data backed up to Apple’s cloud or Google’s cloud?’” he says. Instead, opt out of backing up certain areas in the application settings or preferences.