Today’s employees are always connected, thanks to ubiquitous broadband and a wide range of portable devices, from smartphones, tablets and laptops to fitness trackers and a plethora of smart devices such as watches, cameras and GPS navigators. How necessary is this level of connection?
Cinemas and restaurants are no longer peaceful, with beeps, chimes, vibrations and other alerts notifying everyone in the vicinity that something else (generally of a trivial nature) has occurred in your vast network of contacts. It makes sense that social addicts want to spread this contagion to the workplace since not being connected can produce a sense of withdrawal not unlike that of those coming off hard drugs. We need someone to like that oh-so-interesting photo of last night’s chicken chow mein. We need someone to know how we feel at work… Or do we?
Let’s look at the motives behind BYOD adoption for companies and device users. Visitors to your home quickly request access to your Wi-Fi as most are tied to a set data plan by their mobile carrier, with a monthly cap and corresponding rate per gigabyte of usage. Using Wi-Fi, device users can access broadband Internet and reduce data usage over 3G, 4G or 5G. Therefore, we can safely conclude that users want BYOD to save money on data charges by connecting to the company Wi-Fi.
Employers also want to save money, of course and by allowing employees to use their own devices, do not have to issue company-owned devices. Since it is likely that personal devices are of a higher spec than those purchased for business use, there are also possible productivity benefits.
In an ideal world, the story ends there, everyone involved saves money and lives happily ever after. Unfortunately, there are drawbacks for both parties, ultimately caused by data, user and device management requirements.
Can any company afford to provide Wi-Fi access without considering potential security risks to the network and the data residing on it? No, as every jurisdiction is likely to have regulations and mandatory requirements relating to data security, personally identifiable information (PII) or indeed e-discovery. Therefore, any cost savings in allowing BYOD are likely cancelled out by the management of BYOD devices.
As a former network administrator, I appreciate the additional workload a BYOD program can place on the IT team (the team blamed when the network is breached or data is lost).
The problems with BYOD from a security perspective include but are not limited to:
For employers considering BYOD, device admin is typically the single thorny issue. If a user does not want the company to administer the device (and I wouldn’t) then the company should not allow the device to connect to company Wi-Fi. End of story. If the same employee needs a company device for travel or remote work, then issue a company-owned device as the company can administer it as they desire.
In conclusion, I believe that constant connectivity is not needed, unless you are a volunteer firefighter or an on-call medical professional. For family emergencies, SMS is still an effective way to receive an urgent message. After all, employees can still use their mobile carriers for internet access if needed at work. From a company perspective, is it easier to only allow company-issues devices access to the network? It varies from company to company, but for the most part, when full administration of employee-owned devices is necessary, the resulting admin and security risks may not be worth it. There are also HR (if an employee uses the device on work tasks outside working hours, expect to compensate that employee) and legal considerations (under e-discovery, mobile devices are included, and data loss can result in substantial fines) in some jurisdictions. I recommend you identify all potential risks before embarking on a BYOD strategy. What do you think? Is the use of personal devices an issue in your company?
Register for a 14-days free Trial
SMSEagle is a hardware & software solution that guarantees a swift delivery of your messages to designated recipients, whether it’s for notifications, alerts, or important updates.
The NIS2 Directive (EU 2022/2555) introduces a fundamental shift in the approach to cybersecurity risk management. An organisation’s responsibility no longer ends at its own infrastructure—it now explicitly extends to suppliers and service providers whose services are critical to business continuity.
The NIS2 Directive (EU) 2022/2555 replaces the 2016 regulatory framework, introducing harmonised cybersecurity governance requirements for essential and important entities across the European Union. One of its key operational provisions is Article 23, which defines the timelines and scope for reporting cybersecurity incidents to the relevant competent authorities and CSIRT teams.
The objective of the NIS2 Directive is to enhance the level of cybersecurity and operational resilience of organizations providing services that are essential and important for the functioning of the economy and society.
