How To Reduce the Cost of BYOD in 5 Steps
by TUCU Managed IT Services in Toronto
Many small businesses in Canada are making remote work a permanent part of their business. However, not everyone is doing this with the same efficiency (or profitability). For instance, an Oxford Economics study found that organizations that provide employees with devices spend more on average than organizations that implement BYOD.
As a result, companies, especially small-medium businesses in Canada are using the BYOD model to introduce remote work into their company. The immediate benefits in cost savings and increased employee productivity the model promises make it hard not to.
It will surprise many, though, that the savings on BYOD models might not be as high as thought. For instance, storing customer data (or even being able to access it) on a personal device opens up businesses to hefty fines (to the tune of millions). At the same time, using fully-secured company-issued devices is out of most SMBs annual budgets.
So in this guide, we’ll take a look at how businesses can reduce the total cost of Bring Your Own Device (BYOD) in 5 steps.
Biggest Cost Culprits in BYOD Policies
A closer examination of BYOD initiatives shows three major areas most likely to eat up cost in implementation.
Mixed Technology Stack
Freedom of choice is the crux of BYOD and with that comes complexity, at least for the IT department. Because employees are free to use the device or technology they are most comfortable with, the IT department must therefore be able to provide support for a myriad of devices and multiple Operating Systems, including outdated ones.
Besides that, consider the hundreds of different files people download onto their devices. If just one has malware, it could contaminate the organization's server and expose sensitive customer data within seconds. And monitoring each device for such malware adds a huge cost.
Not to mention, for growing companies, IT personnel requirements (and costs) will increase significantly with new employees.
Cyber Security Setbacks
The three major areas where BYOD poses security challenges are:
Lost or Stolen Devices
Most data breaches are not the result of external hackers or anonymous hacktivists. Often they result from lost or stolen devices. A pre-pandemic report by Kensington revealed that one laptop is stolen every 53 seconds and over 70 million cell phones are lost each year. With only 7% of them recovered, chances are you're not getting your device back.
That means all the information, no matter how sensitive, is at the mercy of whoever has the device. Once again, antivirus and anti theft software exists but it’s an added cost
Malicious applications are one of the easiest ways bad actors can compromise a system. Non-tech employees are particularly at risk of compromising their device as they may not pay close attention to the permissions granted. With approximately 230,000 malware samples created daily, it is a vicious threat to IT security in Canada.
Employees often work on public Wi-Fi networks that are not secure at all. Anything an employee views on these unsecured networks is vulnerable to bad actors.
According to NIST 800-46, "organizations normally have no control over the security of the external networks used by telework clients. Communications systems used for remote access… are susceptible to eavesdropping, which places sensitive information transmitted during remote access at risk of compromise.”
Slow Onboarding and Lack of Automation
Employees connecting multiple devices also result in a growing attack surface that the IT staff must contend with and defend. Employees also have high expectations for prompt access and delivery of services to match what they experience at home and enable them to deliver on their job functions.
Most SMBs rely on basic onboarding methods built into their network infrastructures, such as pre-shared keys and MAC authentication via captive portal. These methods tend to create user experience issues and security risks, both of which increase IT remediation costs.
A properly configured BYOD solution will not only improve remote work security but will standardize and automate the new staff onboarding process. IT will be complete with security settings, software and apps installed, email setup, appropriate permissions to folders and data and so on.
5 Steps to Make BYOD Less Expensive
Luckily, there are ways to mitigate the risk of BYOD and reduce the cost of implementation while ensuring IT compliance for small businesses. These steps include:
1. Develop a BYOD roadmap
Organizations contemplating migrating to a BYOD model need to develop comprehensive policies and procedures that protect company data and ensure a seamless experience for employees. Consult with key stakeholders, such as Legal and Human Resources to gain insights and perform workload and workforce analysis.
We also recommend creating an approved list of supported devices that employees can use, a clear definition of the level of support provided for personally owned devices, policies concerning onboarding new devices and dealing with lost or stolen devices, and so on.
IT compliance for your small business. NIST Compliance for small businesses (or ITSG-33, which is the Canadian equivalent to NIST 800-53 ) provides detailed guidelines regarding implementing security controls across many industries.
2. Find a cost-effective device management tool
There are many options for device management tools available to Canadian SMBs. Each has its own strengths and weaknesses. Here are some things SMB owners should consider when choosing a device management tool:
- Supporting Ecosystem: Not all MDM suits will support the same devices. This is only a problem if you’re a large team with a variety of devices.
- Ancillary Services: Look for MDM suites that come with additional services you require or may require in the future.
- Compliance Requirements: Ensure that the MDM software meets compliance requirements set by your industry’s regulatory body.
- Implementation Difficulty: Some MDM suites require more complicated setups than others. For instance, Microsoft Endpoint Manager in Microsoft 365 is one of the simplest management tools for BYOD.
It’s worth considering working with a managed service provider (MSP). An MSP will almost always be less costly than a full-time IT staff and enable you to outsource services like device management, network application, and infrastructure security.
3. Leverage automation for onboarding and access control
Onboarding and access control can easily eat into most of the IT. budget By leveraging automation in these areas, SMBs can:
- Reduce the costs associated with manual work (such as configuration and support activities).
- Reduce time to onboard – Users connect to work faster.
- Decrease the risks – with automation, high-risk devices are blocked automatically from the beginning or connected to a separate, restricted segment of the network.
- Reduce downtime by instant onboarding new employees.
- Verified devices can be automatically re-authenticated thereafter without human intervention.
Automation of onboarding and granular access control frees IT personnel to focus on more strategic work.
4. Focus on data security
The average cost of a data breach among the companies surveyed reached $4.24 million per incident. Sure, for SMBs, the cost will be proportionate but that is still enough to put any business under heavy financial stress.
Allowing employees to use personal devices with few guidelines or preventive measures opens the business up to major risks.
The NIST compliance framework outlines seven security concerns related to BYOD:
- lack of physical security controls
- use of untrusted mobile devices
- use of untrusted networks
- use of untrusted applications
- interaction with other systems
- use of untrusted content
- use of location services
To guard against these concerns, consider implementing best practices, such as:
- Data or device encryption
- Software with remote wiping capabilities
- Geofencing and Geolocation
- Requiring the use of biometrics and strong passwords to unlock devices
- Deploying Multi-Factor Authentication (MFA) in addition to the normal corporate credentials as passwords to access data
These measures will prevent possible exposure in the event of device loss or theft or the use of an unsecured network. While considering these data security controls, it’s important to remember that preventive remediation is always cheaper than actual remediation.
5. Modernize costly monolithic infrastructure
For most SMBs, the IT infrastructure simply cannot cope with the modern demands of remote working Many SMBs wrongly believe that upgrading their hardware and software will improve their network capabilities when that’s merely a temporary mix.
The long-term solution is moving to cloud-based services and using modern technologies that enable SMBs to:
- Validate Remote Access for Employees
- Better manage bandwidth
- Use secure remote desktop
- Enable VPN-based remote work
- Reduce licensing on third-party subscriptions
- Increase WiFi capacity to support additional traffic
As an added benefit for cost reduction, moving to a cloud-based (even partly) means that the company shifts from a Capital Expenses model (CapEx) to an Operating Expenses model (OpEx) which costs considerably less.
Wrapping up: BYOD for Canadian Small Businesses
Remote working may have been a product of a global health crisis but it’s here to stay. With virtually no fixed costs to the organization and improved employee productivity and engagement, remote work has become a permanent fixture.
BYOD security initiatives go hand-in-hand with remote work. As remote work becomes a mainstay for businesses, so too does BYOD. In fact, statistics show that the BYOD and enterprise mobility market will grow by $1.01 bn between 2021 - 2025 and reach 180.8 bn by 2027.
If you’d like to learn more about how you can maximize productivity in remote working, reach out to TUCU Managed IT Services Inc — one of Canada’s top-rated IT security and productivity firms — for a free consultation today.
TUCU offers cloud consulting services and support including Google Workplace support, Microsoft 365 support, Azure Cloud support and comprehensive IT security services and support. Let’s talk.