Bring Your Own Device to Work? Better Not (Chris Wright Commentary)


THIS IS AN OPINION


It’s back to the office we go — or is it? Despite the corporate push to return to in-person workplaces, nontraditional arrangements remain prevalent. Owl Labs’ recent State of Work survey shows that our workforce is increasingly mobile. Today, nearly 40% of U.S. employees are either hybrid or remote.

As someone whose industry often enables me to operate from nearly anywhere, I understand the appeal of a looser approach to a suitable workplace or typical business hours. Corporate flexibility is a proven tool for enhancing recruitment and retention. And with clear protocols, companies can structure these jobs to ensure optimal productivity and profitability.

But there’s an important caveat. A mobile workforce must follow the same stringent cybersecurity protocols as in-person employees. Without proper control over all users’ devices, businesses could face enormous cybersecurity risks.

No, I’m not talking about smartphones, which are inherently more secure than computers due to more recent operating systems and apps with greater safeguards. Most businesses can accept that risk. When I refer to a “device,” I mean laptops or desktop computers.

Some companies, especially those with more limited operating budgets, may be tempted to authorize workers to use personal devices. But remember, business and recreational computing are drastically different, and the management of these devices should be, too.

If — and that’s a big if — a company permits employees to work on already-owned or individually purchased computers, the devices must be modern and updated. Equally important, they must be under company oversight, meaning they are equipped with management and monitoring tools.

What if an update or patch is needed, and employees repeatedly ignore the alerts? Their antivirus could malfunction, giving cybercriminals access to their networks to steal corporate financial information. This likely wouldn’t have happened if the computer were work-owned or operated, as IT would have seen and addressed the issue before malicious activity occurred.

Pore through the National Institute of Standards & Technology Cybersecurity Framework 2.0, and you will see that the first — and most effective — step in protecting our system is controlling our risk. Oversight of employees’ remote devices should be a given, ideally through professionally managed IT.

So, what should businesses do? They can purchase and provide commercial-grade devices for employees with the necessary software and cloud-based services. Or, if they want to offer more choice, they could create a procurement portal with approved options. Both would eliminate the headache of letting workers choose devices without guidance or attempting to modify their existing devices with new controls.

As a small-business owner, I understand the appeal of upfront cost savings. Unfortunately, allowing employees to use their own devices — even if it seems cheaper on the front end — could lead to a much more painful and expensive breach or attack in the future. When your company is at stake, the investment in business-grade equipment, cloud-based services and proper IT management is well worth it.


 

Christopher Wright is co-founder and partner at Sullivan Wright Technologies, an Arkansas-based firm providing tailored cybersecurity, IT and security compliance services. 