Bring Your Own Device (BYOD) — Security And Other Considerations For Stakeholders

Today’s employees are always connected, thanks to ubiquitous broadband and a wide range of portable devices, from smartphones, tablets and laptops to fitness trackers and a plethora of smart devices such as watches, cameras and GPS navigators. How necessary is this level of connection?

Cinemas and restaurants are no longer peaceful, with beeps, chimes, vibrations and other alerts notifying everyone in the vicinity that something else (generally of a trivial nature) has occurred in your vast network of contacts. It makes sense that social addicts want to spread this contagion to the workplace since not being connected can produce a sense of withdrawal not unlike that of those coming off hard drugs. We need someone to like that oh-so-interesting photo of last night’s chicken chow mein. We need someone to know how we feel at work… Or do we?

BYOD Motivated By Cost Savings?

Let’s look at the motives behind BYOD adoption for companies and device users. Visitors to your home quickly request access to your Wi-Fi as most are tied to a set data plan by their mobile carrier, with a monthly cap and corresponding rate per gigabyte of usage. Using Wi-Fi, device users can access broadband Internet and reduce data usage over 3G, 4G or 5G. Therefore, we can safely conclude that users want BYOD to save money on data charges by connecting to the company Wi-Fi.

Employers also want to save money, of course and by allowing employees to use their own devices, do not have to issue company-owned devices. Since it is likely that personal devices are of a higher spec than those purchased for business use, there are also possible productivity benefits.

In an ideal world, the story ends there, everyone involved saves money and lives happily ever after. Unfortunately, there are drawbacks for both parties, ultimately caused by data, user and device management requirements.

Can any company afford to provide Wi-Fi access without considering potential security risks to the network and the data residing on it? No, as every jurisdiction is likely to have regulations and mandatory requirements relating to data security, personally identifiable information (PII) or indeed e-discovery. Therefore, any cost savings in allowing BYOD are likely cancelled out by the management of BYOD devices.

Practical BYOD Issues

As a former network administrator, I appreciate the additional workload a BYOD program can place on the IT team (the team blamed when the network is breached or data is lost).

The problems with BYOD from a security perspective include but are not limited to:

Permission management–to ensure secure access (by user, device or network credentials), a solution aimed at mobile device management (MDM) is best.
Device Management–companies need to decide on the device types and manufacturers they will allow on the network. Additional requirements could relate to the device OS revision/version involved. To allow all mobile device access is a mistake as cheaper brands could use an earlier OS version with known vulnerabilities or apps that can exploit network connections.
Security updates–if the device owner does not encrypt the device or install security updates then it is a weak point on your network.
Viruses, malware and other threats–again, virus scanners and other security tools must have the latest updates to protect the device and, in turn, the company network.
Employee exit procedures–When the owner of a BYOD device leaves the company, the device must be cleaned to remove company data in a secure manner. This can require admin access to the device, a problem for many device owners, who do not like being ‘spied on’.
Lost or stolen devices–If a BYOD device is lost or stolen, there is a potential data loss/breach involved. For this reason, the remote wipe is a useful admin feature. Unfortunately, such control is often a problem for device owners (see (5)).

For employers considering BYOD, device admin is typically the single thorny issue. If a user does not want the company to administer the device (and I wouldn’t) then the company should not allow the device to connect to company Wi-Fi. End of story. If the same employee needs a company device for travel or remote work, then issue a company-owned device as the company can administer it as they desire.

In conclusion, I believe that constant connectivity is not needed, unless you are a volunteer firefighter or an on-call medical professional. For family emergencies, SMS is still an effective way to receive an urgent message. After all, employees can still use their mobile carriers for internet access if needed at work. From a company perspective, is it easier to only allow company-issues devices access to the network? It varies from company to company, but for the most part, when full administration of employee-owned devices is necessary, the resulting admin and security risks may not be worth it. There are also HR (if an employee uses the device on work tasks outside working hours, expect to compensate that employee) and legal considerations (under e-discovery, mobile devices are included, and data loss can result in substantial fines) in some jurisdictions. I recommend you identify all potential risks before embarking on a BYOD strategy. What do you think? Is the use of personal devices an issue in your company?

Register for a 14-days free Trial

SMSEagle is a hardware & software solution that guarantees a swift delivery of your messages to designated recipients, whether it’s for notifications, alerts, or important updates.

14-days free trial
Online Access to physical device

No credit card required
Access to over 20 functionalities

SMS online vs. SMS offline: Który z nich najlepiej zabezpiecza Twój biznes?

28 stycznia 2025

Firmy w dużym stopniu polegają na SMS-ach w komunikacji krytycznej. Od wysyłania powiadomień do klientów po wewnętrzne alerty dla pracowników, wiadomości SMS to szybkie i efektywne narzędzie. Jednak wraz ze wzrostem zależności pojawia się zwiększone ryzyko, a wiele organizacji pomija potencjalne luki w zabezpieczeniach bramek online, które opierają się jedynie na podstawowych środkach bezpieczeństwa zapewnianych przez operatorów sieci komórkowych.

SMS online vs. SMSEagle: Kompleksowe porównanie kosztów

28 stycznia 2025

Dzisiejsze firmy polegają na SMS-ach do różnych zadań, od powiadomień klientów, przez wewnętrzne alerty systemowe, po kampanie sprzedażowe i marketingowe. Koszty korzystania z internetowych platform SMS mogą szybko wymknąć się spod kontroli, zwłaszcza biorąc pod uwagę opłaty za wiadomość, ukryte opłaty, koszty operatora i modele cenowe oparte na subskrypcji. Dla organizacji o średnim lub wysokim wolumenie wiadomości, zależność od internetowych bramek SMS może stać się poważnym problemem finansowym.

Alerty SMS: Niezawodne powiadomienia w cyfrowym świecie

15 stycznia 2025

W dzisiejszych czasach wciąż istnieje ryzyko przegapienia ważnych powiadomień. Niezależnie od tego, czy chodzi o ostrzeżenie pogodowe, alert finansowy, przypomnienie medyczne czy wiadomość tekstową, niezawodność powiadomień może mieć kluczowy wpływ na nasze życie. Dlatego tak ważne jest, aby istotne wiadomości, takie jak przypomnienia i kluczowe informacje, docierały skutecznie do odbiorców za pośrednictwem alertów tekstowych. W tym artykule przedstawiamy, jak SMSEagle zapewnia niezawodność dostarczania tych alertów nawet w sytuacjach braku dostępu do internetu, wykorzystując zaawansowane strategie powiadomień offline.

Co to jest SMSEagle?
SMSEagle to sprzętowa bramka SMS przeznaczona do wysyłania i odbierania wiadomości SMS. Urządzenie zostało zaprojektowane z myślą o niezawodności i stabilności pracy. Pracuje w oparciu o system Linux, posiada nowoczesny, responsywny interfejs graficzny. Wiadomości SMS są wysyłane/odbierane bezpośrednio do/z sieci operatora telekomunikacyjnego. SMEagle ma wbudowaną bazę danych SQL zapewniającą bezpieczne przechowywanie wiadomości. Urządzenie rozbudowywane jest o dodatkowe wtyczki oraz łatwe w użyciu API do integracji z zewnętrznymi aplikacjami.