By Dr. Andre Slonopas  |  04/01/2024

Bring Your Own Device (BYOD) policies have changed the modern workplace, making it vital for organizations to exercise greater vigilance against security threats. While the use of personal devices for work is convenient for employees, it raises security concerns. Consequently, IT departments must develop sophisticated mobile device management (MDM) solutions to protect proprietary data and preserve the integrity of a business network.

According to CEI America, the use of personal devices in the workplace will continue to grow. Mobile devices typically hold both personal and corporate apps and data, so they are popular targets for attackers.


The Challenge of Convenience Versus Cybersecurity When Workers Use Personal Devices

Securing employee-owned devices in the workplace requires some creativity. The challenge is to ensure that people can do their work without impediment while still maintaining strict security standards on a device the organization does not own.

Endpoint security solutions are becoming more crucial in preventing unauthorized access. These solutions protect end-user personal devices that access a corporate network.

Generally, an employee's personal device is more vulnerable to malware and security breaches than corporate devices due to weaker protection measures. Security teams must monitor these devices and create security solutions to protect both personal and company data.


Mobile Devices and Their Security Risks

Mobile devices – such as employee-owned smartphones or company-supplied smartphones – are particularly vulnerable to attacks from malware. For instance, it is all too easy for an attacker to fake a text message that appears legitimate and send it to an employee’s smartphone.

An unsuspecting employee might click on a link that appears in that text message, resulting in malware being downloaded to the employee's phone. Once that phone is infected, the malware could then spread to a corporate network and interfere with company data.

Employee devices typically store both personal and commercial data, so the risk of data leakage is increased. Insecure network access or a lost or stolen device might also expose critical information. For instance, unauthorized users with sophisticated knowledge may easily access a company's network with a stolen device.

The variety of personal apps on an end user's own device increases the security hazards. What appears to be innocent software at first might provide backdoor access to crucial corporate information.

Mobile Device Management

Mobile device management software can manage, monitor, and protect workers' devices across numerous service providers and operating environments. As the BYOD movement grows, MDM helps safeguard corporate and employee data on different devices.

MDM software enables the IT department to enforce security rules that meet organizational requirements and safeguard corporate data on employees’ equipment, such as smartphones or laptops. MDM also allows IT personnel to remotely lock a lost or stolen device, or wipe the data from it, to keep that data secure.

The first step in implementing MDM methods in the workplace is choosing the proper security software for the company's requirements and rules. Afterward, that security solution can be integrated into the company's IT infrastructure and deployed on staff devices. The IT team can manage the installation and ensure mobile users follow BYOD policies.

MDM security software can be tested against various threats, such as rogue personal applications, data loss, and unauthorized access. Ultimately, strong encryption, secure network connectivity, and real-time monitoring are required for comprehensive data security. Ideally, an MDM solution must smoothly manage a variety of devices running different operating environments.

MDM requires a strict balance between privacy and security. Protecting an organization's data is vital, but so is protecting workers' data on their personal devices. Effective MDM software should be able to separate the personal data from business data on multiple devices.

Another part of mobile device management involves using antivirus software and firewalls, as well as applying security updates regularly. MDM may also limit app installation, which can further improve company security.


Operating System Vulnerabilities in a Bring Your Own Device Environment

In BYOD environments, operating systems pose serious security risks. Different operating systems have different vulnerabilities that attackers may exploit. To reduce security threats from obsolete software, organizations must require all employee-owned devices on the corporate network to receive updates, which keeps company data safe.


How to Manage BYOD Security Risks

There are various tactics that an organization can use to further improve its security posture in regard to BYOD devices. These methods include the use of cryptography, security policies, and employee training.

Cryptography

Cryptography is a useful way to protect confidential data. Data stored on a mobile device or in transit across a network is encrypted to prevent it from being seen by unauthorized users.

Mobile security – as well as network security – relies on this data encryption to protect against threats to enterprise security.

Security Policies

BYOD policies should explicitly state workers’ duties and define how employees may access and transmit corporate data on their BYOD devices. These policies should include:

  • Prohibitions on using unsecured Wi-Fi networks
  • Restrictions on sharing sensitive data via personal apps or to third parties who might want to gain access to a corporate network
  • Clear instructions regarding the personal and business use of devices
  • Clear definitions of what constitutes sensitive company data and sensitive files

A BYOD security policy must ensure that each mobile device meets the exact security requirements of the organization. Since the use of personal devices and software can vary from one employee to another, it is essential to remember that workers may access company networks and data on devices with different security vulnerabilities and settings.

This method requires assessing threats related to different personal devices to ensure complete protection against data leakage. Some personal devices may not be compatible with an organization’s security or network. IT staff members must assess these risks – including the operating system of a personal device, apps, and network connection – and make corrections.

To maximize protection, the organization must enforce its BYOD security policy to ensure staff devices meet company security requirements. Ideally, there should be frequent device checks and a quick response to any security breach, especially when the breach involves the company network and raises grave security concerns.

In addition, BYOD security policies must be reviewed and updated on a regular basis. As attackers develop new types of attacks, corporations and their IT departments will need to stay up to date with the ever-evolving cybersecurity world.
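As an added example (not from the original article or any MDM product), the following Python code models the policy enforcement described above: each device reports its posture, the check compares it with the organization's requirements (minimum OS version, storage encryption, screen lock, Wi-Fi security, blocked apps) and returns an action. All thresholds, app identifiers and device records are hypothetical values constructed for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical policy thresholds; an organization sets its own.
MIN_OS_VERSION = {"ios": (17, 0), "android": (14, 0)}
BLOCKED_APPS = {"com.example.rogue-cleaner"}          # constructed app identifier
UNSECURED_WIFI = {"open", "wep"}

@dataclass
class DevicePosture:
    device_id: str
    os_name: str
    os_version: tuple            # e.g. (16, 4)
    storage_encrypted: bool
    screen_lock: bool
    wifi_security: str           # "wpa3", "wpa2", "wep" or "open"
    installed_apps: set = field(default_factory=set)
    reported_lost: bool = False

def evaluate(device: DevicePosture):
    """Return (action, reasons). Actions: allow, quarantine, wipe_corporate."""
    if device.reported_lost:
        # Lost or stolen device: wipe the corporate container, leave personal data alone.
        return "wipe_corporate", ["device reported lost or stolen"]
    reasons = []
    minimum = MIN_OS_VERSION.get(device.os_name)
    if minimum is None:
        reasons.append(f"unsupported operating system: {device.os_name}")
    elif device.os_version < minimum:
        reasons.append(f"{device.os_name} {device.os_version} is below minimum {minimum}")
    if not device.storage_encrypted:
        reasons.append("device storage is not encrypted")
    if not device.screen_lock:
        reasons.append("no screen lock configured")
    if device.wifi_security in UNSECURED_WIFI:
        reasons.append("connected through an unsecured Wi-Fi network")
    rogue = sorted(device.installed_apps & BLOCKED_APPS)
    if rogue:
        reasons.append(f"blocked apps installed: {rogue}")
    return ("allow" if not reasons else "quarantine"), reasons

def evaluate_fleet():
    """Run the check over three constructed posture records."""
    fleet = [
        DevicePosture("phone-a", "ios", (17, 2), True, True, "wpa3"),
        DevicePosture("phone-b", "android", (12, 0), True, False, "open",
                      {"com.example.rogue-cleaner"}),
        DevicePosture("phone-c", "ios", (17, 1), True, True, "wpa2", reported_lost=True),
    ]
    return {d.device_id: evaluate(d) for d in fleet}
```

A quarantined device keeps its personal data untouched; only its access to corporate resources is held back until the listed reasons are resolved.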

Employee Training

Comprehensive staff training is also vital to protect an organization. Ensuring sensitive data is stored and used safely on an employee's device requires staff members to be educated about BYOD dangers and appropriate security measures.

This training should involve an IT department and discuss topics such as:

  • Avoiding the downloading of malicious apps from unknown sources to personal mobile devices
  • Using strong, hard-to-guess passwords
  • Detecting phishing efforts
  • Updating software and security programs on personal devices

The training should also include security measures such as how to report lost or stolen devices and remotely wipe data from a mobile device. In addition, an organization should encourage employees to maintain their mobile devices with the newest operating system and security updates.


Learning about BYOD Security Risks at American Public University

To protect themselves, organizations and individuals must be cautious and proactive in mobile device security. BYOD protection will evolve with mobile technologies and cybersecurity.

In the future, BYOD security measures will constantly change. Companies must keep improving their BYOD security policies and device management techniques to tackle workplace issues with personal and corporate data on one device. In a world where personal and professional device usage is blurring, IT departments and security teams are more important than ever to prevent data theft.

To enable students to improve their knowledge of BYOD security, American Public University (APU) offers two courses:

  • ISSC343 Wireless Networks
  • ISSC412 Mobile Application Security

Both of these courses are a part of the concentrations related to American Public University’s online bachelor of science in cybersecurity degree. For more information about this degree, please be sure to visit our program page.

About the Author
Dr. Andre Slonopas
Dr. Andre Slonopas is an Assistant Department Chair in the Department of Strategic Intelligence. From the University of Virginia, he holds a B.S. in aerospace engineering, an M.S. in mechanical and aerospace engineering, and a Ph.D. in mechanical and aerospace engineering. He also holds a plethora of relevant certifications, including Certified Information Security Manager (CISM®), Certified Information Systems Security Professional (CISSP®), Certified Information Security Auditor (CISA) and Project Management Professional (PMP®).

CISM is a registered trademark of Information Systems Audit and Control Association, Inc.
CISSP is a registered trademark of International Information Systems Security Certification Consortium, Inc.
PMP is a registered trademark of the Project Management Institute, Inc.
