Skip to main content

BYOD (bring your own device) – Is it worth it?

*By Eliana Francisco

Today's corporate infrastructure thinking goes beyond the devices acquired by the company, as the practice of BYOD is increasingly used ("bring your own device”, or “bring your own device”), which consists of giving the employee the possibility of using their own devices to access corporate systems, due to the advantages it offers both for the company and for the user. However, it is necessary to pay attention to security aspects, one of the main challenges.

Benefits:

  • Device cost reduction: The employee is responsible for the acquisition of hardware, data package cost and maintenance, in addition to other related services.
  • Greater employee convenience: ensures more convenience for employees, due to the use of devices with which they are already familiar and easy to use.
  • Improved organizational climate and greater productivity: Professionals have greater comfort in choosing their device and operating system of choice, also generating an increase in productivity.
  • Mobility: Allows the execution of activities home office, suppliers or partners, since their employees can work anywhere.

Requirements and Challenges:

Although there are positive points, there are also some points of attention, such as:

  • Development: The development team will need to adapt to different operating systems and application support, which may make implementation unfeasible, as it requires investments.
  • Security: Lack of validation of security controls for employees' devices, for example when they are connected to an internet network, viruses or malicious files can be transferred from one device to another;
  • Distractions and overwork: When using a personal smartphone at work, the employee will receive private messages on their WhatsApp, notifications from their social networks, etc., this may even unintentionally generate distractions with interventions of activities not relevant to the function. The employee can also work after office hours, this can cause him to work during his/her non-working hours. In addition to physical and emotional wear, this fact can even generate labor lawsuits against the company in the future.
  • Loss of confidentiality and availability of data and/or breaches: if the company neglects a solid IT security policy.

Best practices:

BYOD best practices aim to help in the use and, consequently, in the administration of mobile devices brought by employees, such as

  • Information Security Policy and BYOD: organizations that allow the use of personal mobile equipment to access systems in the workplace must establish usage rules based on the Information Security Policy.
  • Centralized Management: Centralized control that effectively and efficiently ensures compliance with these rules requires the use of a Mobile Device Management System (MDM). The use of MDM makes it possible to use BYOD, through the administration of smartphones, tablets, notebooks, as the system aims to protect, monitor, manage and support, and its use can reduce business risks.
  • Virtualization: one of the most recommended paths when talking about BYOD, due to the reduction of risks as files and data are not saved locally on the device.
  • Adoption of standardization: Systems that can be accessed/installed by these devices according to position/function.
  • Employee awareness: periodically conduct information security and data protection awareness training.

Conclusion

The decision to release the use of personal devices should consider the advantages and disadvantages for each scenario and each organization, as each organization will have a return on this practice. It is always valid to mitigate risks and vulnerabilities as well as their impacts on the organization. It is important to make employees aware of their responsibilities in protecting corporate data through training.

— Eliana Francisco is a GRC consultant at SAFEWAY

About [SAFEWAY]

THE SAFEWAY is an Information Security company, recognized by its customers for offering high added value solutions through projects in Information security that fully meet the needs of the business. In these years of experience, we have proudly accumulated several successful projects that have given us credibility and prominence among our clients, which largely constitute the 100 largest companies in Brazil.

Today through more than 23 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one stop shopping with the best technology solutions, processes and people.

Let's make the world a safer place to live and do business!