Newsletter & Blog

BRING YOUR OWN DEVICE

So what is it?  Well the idea was to allow employees to use their own devices for work purposes.  The thinking was that in this day and age, many employees have developed preferences for what they use.  So whilst many will stick to Microsoft, others may prefer an Android or Apple tablet, whilst others still may prefer a MacBook.  There’s a wide choice these days.

 

But what do we mean by work purposes?  It can mean anything from accessing your emails, which most of us do on our phones, to accessing critical services and applications.  And this makes it a potentially complex issue.

 

The pandemic brought with it many issues that needed swift resolutions and now, it’s not uncommon to visit companies that have allowed their staff to work from home, because they have little choice, and allowed them to use home devices for work purposes, including connecting to the company network and/or cloud services, directly from home.  The imperative was to make it work and keep the company running.  Laudable at the time but we are now in a position to take stock, and look hard at what we should be doing.

 

Before I continue, it is worth getting this point out of the way.  You cannot do all your organisations functions securely with just BYOD, not matter how well it may be configured.  In fact, if you’ve given BYOD users admin access to company resources, revoke it NOW.

 

For just about all SMEs, this has started from a position of necessity.  But like many such events, if it seems to be working, it rapidly becomes the norm and in creeps a complacency that it’s actually all OK.

 

BYOD solutions need to be planned and thought through.  And pretty much the same as most things, particularly risk based assessments, what you need to do really depends on your organisation.  You need to ask some questions:

 

  • What can I do from the office that cannot be done by home workers?
  • Are there functions which employees need to do, that requires the company to have visibility and management of, and is there anything that doesn’t?
  • What do my employees need to do?
  • How can we balance what employees do that also involves your need to protect data and their privacy (DPA2018)? They are after all, using their own device.

 

But perhaps just as importantly you need to ask yourself if you need to keep working from home.  OK this pandemic isn’t over yet and many companies already quite like the reduction in costs involved in running the office that comes with home working, and are planning some form of hybrid working.  And, if that is the case, do you intend to start buying and issuing laptops for remote working?  Or do you plan to continue to allow employees to use their own devices?

 

Whichever way you chose to do it, it is not simple.  Your need to have polices and processes in place and a standard configuration that staff need to sign up to.  For instance the use of strong authentication, a properly installed and configured anti malware system, a properly installed and configured firewall etc.  This list is not exhaustive.

 

Before you make your choice, take the appropriate advice and remember that this is not just a technical solution, it requires a risk management approach that covers people, process and technology.  Technology is deliberately listed last.

 

H2 provides affordable and flexible one-off and ongoing data protection and cyber risk protection services designed specifically for SMEs, at a price they can afford.  Our advice and guidance takes a unique look at the problems facing SMEs whilst calling on our vast experience working for the larger organisations and government departments.