The Hidden Risks of Unmanaged Devices
Hybrid Work = Higher Cybersecurity Risk
Leveraging Microsoft 365 Tools for BYOD Security
Creating a Balanced and Secure BYOD Policy
Do your staff have access to work emails from their personal device via web browser or app? This already falls under Bring Your Own Device (BYOD). With budget concerns always being a top priority in organisations, BYOD policies have seen great uptake in recent years. But while they may offer convenience, they also introduce a multitude of blind spots into your IT infrastructure. Most personal devices used under BYOD policies are not enrolled in Mobile Device Management (MDM) systems like Intune. This means IT managers lose control over essential security measures such as patching, encryption, and app installations. The risk is compounded if these devices are lost or stolen, as they often contain sensitive work data that can be easily accessed.
Furthermore, personal emails and applications on these devices can bypass Data Loss Prevention (DLP) measures, creating further security vulnerabilities. The absence of a unified management approach leads to these unmanaged devices becoming potential entry points for cyber threats.
Unless you have total control over a staff phone, you're putting your organisation at risk.
The shift to hybrid working models has significantly increased the challenges associated with BYOD policies. Staff now frequently work from home or public spaces like coffee shops, often connecting to untrusted networks. These environments lack the security controls found in traditional office settings, increasing the risk of data breaches.
Many businesses initially adopted BYOD policies during the COVID-19 pandemic to make remote work easy and to save on the cost and logistics of buying devices and getting them to staff. However, these policies have not been revisited or updated to address the evolving security landscape, leaving organisations vulnerable.
Imagine a staff member downloads a dodgy app to a personal device on which they have access to company data (Outlook, Teams, SharePoint). Unbeknownst to you, that data is being transferred to a third party, leaking confidential company information to your competitors.
For manufacturing companies, compliance with regulations such as GDPR, ISO 27001, Cyber Essentials+, and DORA is non-negotiable. BYOD policies introduce significant compliance challenges, making it difficult to track who accessed what data and when. In the event of a data breach, proving that a personal device was secure becomes a formidable task.
Non-compliance can result in severe repercussions, including hefty fines and reputational damage. Do your organisation's BYOD policies align with regulatory requirements to mitigate these risks?
Microsoft 365 offers a suite of tools that can help mitigate the risks associated with BYOD policies, but they must be properly configured to be effective. Conditional Access can limit access from personal devices, ensuring that only compliant devices can connect to corporate resources. However, in our experience, many organisations we speak to leave this feature open, undermining its potential for risk reduction.
Intune allows for secure device enrollment and the implementation of wipe policies to remotely erase data from lost or stolen devices. Yet, most organisations do not enforce these measures adequately. Additionally, Defender for Endpoint can protect unmanaged devices, though licensing requirements may vary.
Striking a balance between flexibility and security is key to a successful BYOD policy. One approach is to limit personal device access to read-only modes via browser, preventing downloads and reducing the risk of data leakage.
Implementing mandatory app-level controls, such as requiring the use of Outlook with Intune and Multi-Factor Authentication (MFA), can further enhance security. Moreover, a clear BYOD policy should be communicated to all staff, supported by legal and HR departments to ensure compliance and understanding.
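To check whether Conditional Access has been "left open" in the sense described above, and whether the MFA, device and browser controls from the last two paragraphs are actually enforced, a tenant's exported policies can be audited. The script below is an added example, not code from this article or from Microsoft: the field names follow the Microsoft Graph conditionalAccessPolicy resource, while the helper names and both sample tenants are constructed for illustration.

```python
# Added example. Field names follow the Microsoft Graph conditionalAccessPolicy
# resource; helper names and the sample policies are constructed (assumptions).
# Simplification: user exclusions and per-application scoping are not evaluated.
DEVICE_GATE = {"compliantDevice", "compliantApplication"}

def enforced_for_all(policy):
    # Report-only and disabled policies block nothing.
    users = policy.get("conditions", {}).get("users", {})
    return policy.get("state") == "enabled" and "All" in users.get("includeUsers", [])

def requires(policy, wanted):
    grant = policy.get("grantControls") or {}
    controls = set(grant.get("builtInControls", []))
    if grant.get("operator") == "OR":
        # Any one control satisfies the policy, so every alternative must qualify.
        return bool(controls) and controls <= wanted
    return bool(controls & wanted)  # AND: each listed control is mandatory

def limits_browser(policy):
    session = policy.get("sessionControls") or {}
    return bool((session.get("applicationEnforcedRestrictions") or {}).get("isEnabled"))

def audit(policies):
    """Return the BYOD gaps found in a list of exported policies."""
    live = [p for p in policies if enforced_for_all(p)]
    findings = []
    if not any(requires(p, {"mfa"}) for p in live):
        findings.append("MFA is not enforced for all users")
    if not any(requires(p, DEVICE_GATE) for p in live):
        findings.append("unmanaged devices and unprotected apps are not gated")
    if not any(limits_browser(p) for p in live):
        findings.append("browser sessions have no app-enforced restrictions")
    return findings

def sample_policy(state, operator=None, controls=(), restrict=False):
    grant = {"operator": operator, "builtInControls": list(controls)} if controls else None
    session = {"applicationEnforcedRestrictions": {"isEnabled": True}} if restrict else None
    return {"state": state, "conditions": {"users": {"includeUsers": ["All"]}},
            "grantControls": grant, "sessionControls": session}

OPEN = [sample_policy("enabledForReportingButNotEnforced", "AND", ["mfa"]),
        sample_policy("enabled", "OR", ["mfa", "compliantDevice"])]
HARDENED = [sample_policy("enabled", "AND", ["mfa"]),
            sample_policy("enabled", "OR", ["compliantDevice", "compliantApplication"]),
            sample_policy("enabled", restrict=True)]

if __name__ == "__main__":
    print("open:", audit(OPEN), "| hardened:", audit(HARDENED))
```

The "open" tenant fails all three checks even though it has two policies: one is report-only, and the other lets a user satisfy it with MFA alone on an unmanaged device.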