BYOD is Bring Your Own Device and CYOD is Choose Your Own Device, and the difference between the level of control and security your small business can have with each is night and day. You’re using BYOD if your employees use their SmartPhones or personal computers for work. You’re using CYOD if your company purchases and manages the devices your employees use to work remotely. As IT Consultants, we regularly help business owners understand the security gaps present when they allow employees to work off personal devices. This post will help you gain an overview of BYOD.
What Are Common Problems With BYOD?
The BYOD problems are many but in a nutshell, if your organization doesn’t lock down and manage devices employees use at home, you increase your risk for viruses and network breaches. Here’s why:
- You can control your network security in the office, but once a user takes their computer home and connects to that network, the computer and files can be vulnerable because chances are, their home network security is insufficient.
- User behaviour at home can be more high risk such as using the device for social media, online games, downloading files from various peer to peer networks, or just accidentally clicking malware while browsing entertainment websites where they are commonly found.
- The user can inadvertently or intentionally download client files or contacts that belong to your business. This means that confidential data your business gathered is now available outside your secure domain. It also means that a user could use that data for their own purposes. Most employees are good and harbour no ill will, but it wouldn’t’ be the first time an employee stole contacts and accidentally leaked private data.
- There is an increased risk of data theft if the user is transporting this device daily and is not using lock screens, strong passwords, or remote data wiping software.
How Is CYOD Better Than BYOD?
Rather than BYOD where a user owns and manages security on a device they use to connect to your business network, with CYOD, your small business owns and manages security on devices which you assign to employees for home or remote use.
With CYOD, you enforce certain computer security measures via policies and improve total IT Security.
For example, with CYOD, you can set a policy that requires the device maintain a lock screen to safeguard against unauthorized access and data loss. While this may be possible with some BYOD setups, it most often is not, or very difficult to manage.
Another example – an important aspect of protecting your company’s network is to safeguard it against malicious attacks from malware. With a CYOD setup you can set policies to control the anti-malware software used on all devices. With BYOD, your devices may have no or poor anti-malware installed, or decent anti-malware but a user who forgets to update, all which leave you open to more risk.
CYOD paired with Managed Updates are a great combination for total computer security for small business, and to protect from The Careless User and The Savvy Cybercriminal alike.
In a battle between The Careless User vs The Savvy Cybercriminal, your business will likely lose.
Remote Work Security
Do you really need employees to work from home? Many BYOD companies are moving away from it now due to the security issues and management cost. Decide if your team truly needs to work from home or elsewhere. If so, does the entire team need remote access, or just certain members? Keep in mind these figures on the cost of managing remote employee devices.
These figures are from enterprise organizations and they would scale down for small business, but would remain a cost and IT management factor.
Tips To Switch From BYOD to CYOD
If you don’t have any policy in place, setting up CYOD from a clean slate will be easier for your small business. If you are presently using BYOD and are switching to CYOD, here are some tips to help you make the switch.
- If you decide that your users do need to work remotely, then decide on the type and make of devices you need to purchase for your CYOD program.
- Explain to users why CYOD is being adopted and why personal devices will no longer be allowed on the network.
- Create a CYOD agreement which users sign and which outlines security expectations and device care expectations. This document should also include the name and serial number of the device being assigned to the user.
- Set strong password policies for the entire team.
- Set a firm cutover date and advise all employees BYOD devices will no longer be allowed access after that date.
- Consider using professional grade platforms such as Office 365 which allow you to set policies on CYOD devices (i.e. remotely changing the password or access to a device or documents).
- Consider hiring an IT Consultant to help you with your project.
We hope this article helped you decide on if you need employees to be able to work from home or remotely. And we hope it helped you to better understand why CYOD is a better option, even when BYOD looks so much “cheaper” because employees can just use their own devices which they already have.
Toronto IT Consultants: TUCU is an IT Services Company located in Toronto ON, offering SMB IT solutions, including network security assessment, remediation and support, as well as data security solutions such as Mobile Device Management and Identity Access Management to help you control every user account and device that accesses your company data. Contact us to schedule your free consultation. We’ll be happy to discuss your needs and help you protect your business from data loss and breach.