The use of mobile devices for business purposes has become the norm in today’s fast-paced economy. Employees prefer mobile devices — smartphones, tablets and laptops — that enable them to work from any location, including at home or while traveling.
Companies are able to improve business performance and efficiency when employees use mobile devices, and technology hardware costs can be reduced when employees use their own personal equipment. However, these benefits must be weighed against increased cyber risks to company networks, systems and data.
Nearly two-thirds of employees today use a company-approved personal device for work. Many employees prefer to use their own mobile devices because it’s simpler, requires no learning curve, and enables greater efficiency and responsiveness to after-hours work requests and email. A recent survey found 85% of organizations have bring your own device (BYOD) policies.
However, the use of mobile devices can present significant security challenges. Corporate IT departments find it much harder to defend company data, systems and networks when employees use their own mobile devices for business. Employees often neglect to update security software or change passwords, and some may use public Wi-Fi, which could enable a hacker to slip into company networks.
The threat that mobile devices pose to customer data is especially worrisome.
The use of mobile devices extends a company’s security perimeter beyond the walls of the office and out into the world at large. This leaves the company more vulnerable to phishing, malware, ransomware and other cyberattacks, leading to unauthorized data access. Lost or stolen mobile devices pose a particular threat.
Security experts note that 91% of all cybersecurity attacks and resulting data breaches originate from a phishing email, and mobile users are 18 times more likely to be exposed to phishing than malware.
Security Best Practices
Employee engagement and commitment are critical elements of a successful approach to mobile device security. Employees must have a clear understanding of the threats posed and their ramifications for the business. They must be held accountable for adhering to all cybersecurity policies, especially when using mobile devices.
Most companies allowing BYOD are adopting acceptable use policies for mobile devices. Several best practices are often included:
- Employees must change default passwords, use strong passwords and update them frequently
- Company-provided anti-virus and protective software must be added to personal devices and cannot be disabled
- Security software updates must be made immediately (if not automatically initiated)
- The use of public Wi-Fi networks is strictly prohibited
- Personal devices must be backed up often and encrypted
- Lost or stolen devices must be reported immediately to the company’s IT or security department
Many companies also hold annual cybersecurity workshops to reinforce the dangers posed when using mobile devices. By engaging all employees in the fight against cyber threats and establishing sound mobile device policies, organizations can be better positioned to protect their valuable data and resources, as well as the interests of their customers.
This information is educational and informational in nature, and not intended to be used as tax, legal or accounting advice. We advise you to consult your tax, legal and accounting advisors regarding your tax needs.