Friday 01 May 2020

This advice has been collated by EMSOU and is intended for wider distribution within the East Midlands Region to raise awareness among businesses and the public.

Advice and information is changing daily as we navigate our way through the COVID- 19 pandemic, so please ensure you only take information from reputable sources.

If you require any further information, assistance or guidance please contact the EMSOU Protect Team or your local Force protect team.

With the rise in cloud computing, employees using a web browser, or a piece of client software can access an organisation’s sensitive data, and with many employees using their own devices to access company data, this can present issues around security and safety.

In today’s blog, we’re exploring ways that companies can keep their employees’ personal devices safe and compliant with data protection, while still allowing them to work as efficiently as possible in a remote location – especially important at this time.

For up-to-the-minute information about cybersecurity throughout the COVID-19 crisis, remember to subscribe to our email newsletter.

What is Bring Your Own Device?

Bring Your Own Device (BYOD) refers to an employee accessing company data from a personal device and has grown in popularity over the past few years. Many employees have devices of their own, such as a mobile phone or laptop and want to use them rather than using a device issued by the organisation.

This can be a real problem for any organisation that permits their use and the expression “Bring Your Own Disaster” is often heard.

The problem is, how can an organisation be sure that a personal device is;

• Password protected

• Has anti-virus installed

• Updated and uses secure online connections

• Encrypted, tracked and can be remotely wiped if lost

• That organisation data is not being auto synced to the employee’s own cloud storage

• That organisation data is removed when the device is disposed with

Other potential problems arise if an employee leaves the company. Will they agree to allow their device to be checked to ensure that no organisation data is on the device and in the event of an organisation reporting data loss?

Solving the problem:

A complete ban on the use of personal devices is one solution. However, this will involve issuing everyone who wants to work remotely with a company issued device and strict technical enforcement of system and data access.

Investing in Mobile Device Management (MDM) software is another possible solution. MDM can enforce the use of passwords, encryption and push security updates. It can block certain apps, separate your data from the employee’s and even remove data if the device is lost. Employees will need to consent to the installation of an MDM app on their personal device.

MDM software can be a cost-effective solution for some organisations. By allowing employees to use their own devices, on their own plans and provider, organisations will not need to buy or maintain devices or force employees onto a specific platform or ecosystem.

The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.