BYOD and Cyber Essentials explained

BYOD and Cyber Essentials

You’ve probably heard the phrase BYOD before. ‘Bring Your Own Device” has been the darling of business and technology journalists for much of the last decade. And BYOD really is more than just hot air and hyperbole. For SMEs, it has the potential to change the way we approach procurement and resourcing forever.

However, what you’re less likely to have read about, is its connection with the Cyber Essentials certification. So, if you’re considering taking the plunge and adopting a BYOD policy, read our short guide first. 

What is BYOD?

BYOD, or Bring Your Own Device, is simply giving employees the option to use their own devices for work. And this can mean everything from their own smartphones through to tablets and laptops. 

Why do businesses adopt BYOD?

Like most business decisions, the benefits of switching to BYOD are largely cost-based. As any SME founder will tell you between grimaces, procuring hardware for all your staff can be eye-wateringly expensive. So having employees use their own is an immediate boost to a businesses’ bottom line. A Cisco report into BYOD found that businesses using it saved on average $350 per person, per year. 

But it’s not all about the money. BYOD also offers employees greater choice over the tools they use for work. Anyone who’s ever used an Apple laptop at home and Windows machine at work (or vice versa) knows how annoying it can be to keep switching between operating systems. So why not let your people choose? 

On top of this, BYOD can provide productivity benefits. The same Cisco study revealed that workers save an average of 81 minutes per week by using their own devices, or nine working days every year. And it can even improve employee wellbeing. In a study produced by Samsung, 78% said it helped them achieve a better work-life balance. 

What does it have to do with Cyber Essentials? 

So BYOD has many benefits and is becoming ever-more popular in the UK – 45% of UK businesses in 2018 had some form of BYOD plan. But what does this have to do with Cyber Essentials?

Well, it’s actually very simple. Any device being used for work purposes is likely to connect business networks and access company data. This poses security risks. 

As we discussed in our recent ebook on remote working, employees using their own devices to access company networks and data can present a host of problems. Personal devices will often have inferior security tools to business ones. Employees are less likely to follow strict security protocols on their own devices. And, there’s plenty of evidence to suggest that we all engage in riskier behaviour when using our personal laptops and phones.

All of this can expose your business to unnecessary risks. But it doesn’t mean you need to scrap your plans for BYOD.

Does Cyber Essentials cover BYOD? 

If a device is used to connect to the business network or access any business information, then it should be considered within the scope of Cyber Essentials. This includes doing some after-hours work on your home computer, accessing the company Google Drive, and even browsing work emails on your mobile. 

If a device is used to connect to the business network or access any business information, then it should be considered within the scope of Cyber Essentials

It’s all too easy to fall into the trap of considering personal devices some separate entity, entirely disconnected from work. But that just isn’t the reality of many of our working lives. In our ‘always-on’ culture the personal and professional have a habit of bleeding into each other, particularly in an era when many of us are working remotely. 

This means it’s vital you ensure that all devices used for work, whether personal or company-provided, follow the core tenets of Cyber Essentials. For example, ensuring security settings are switched on and up-to-date, anti-malware tools are installed, and apps are regularly updated. 

What if you don’t have a formal BYOD policy? 

Even if your business doesn’t have a formal BYOD policy, it’s still important you guard against the threat posed by personal devices. To illustrate, at CyberSmart we don’t have a formal BYOD policy, but we know many of our people use their phones to access emails and files. 

So to ensure we’re not giving cybercriminals a backdoor into the business, we ask that every employee installs CyberSmart Active Protect on any device they might access work from. The CyberSmart app constantly checks any device that it’s installed on is compliant with Cyber Essentials and flags any problems to both us and the user. This means that however our staff choose to work, we can be sure they’re doing it safely. 

BYOD has the potential to totally transform the way your business looks at procurement. But it also requires good cyber hygiene if it’s to be liberatory rather than a liability. So if you’re considering adopting BYOD, start by getting Cyber Essentials certified. 

CTA button

Back to School: Free tips and tricks to protect your business from cyber threats

Cyber threats

All through September, we will be sharing the free tips and tricks, that you can implement straight away to ensure your organisation protects itself from cybersecurity threats.

Currently in the UK, 32% of SMEs experience cyber-attacks every year, a figure that is increasing, with costs running into the thousands of pounds. With a few preventive measures, it is actually possible for you to fight these threats. By implementing various techniques, strategies, using free tools and being aware of the main ways your business might be targeted, you can take protect your business today.

Come back throughout September as we add more tips. It’s time to become CyberSmart.

1. Use Two Factor Authentication (2FA)

Adding an extra layer of security to your accounts can never be a bad idea. With a lot of platforms these days, 2FA is available, where you either: receive an SMS (least safe), Email (medium level safety) or authenticate via an app (recommended). There are free and premium solutions available, such as 1Password, allowing you to enable higher levels of security and 2FA across all your personal and business accounts.

2. Time to have an app clear out

Do you know all those apps you have installed but you never use, they should go. If you have apps that have been installed for months, not been updated, they could be full of vulnerabilities, waiting for a cybercriminal to exploit. When you delete these apps make sure to delete your account and unlink any credentials.

3. Are your email details available on the internet already?

This can be a scary thought but more than likely, your email has been compromised before. With the introduction of GDPR, more and more companies are openly admitting cyber breaches. We recommend using haveibeenpwned.com to check if your email has been compromised in a data breach before. Simply enter your email, check for breaches and address the situation.

4. Are you really going to plug that USB in?

You should be extremely careful with USB devices. Even after formatting, malware can still be present so ensure you completely trust the source of the device or go one better, do away with using USB full stop.

5. Update, Update, Update

Updating your apps and software can prevent 85% of targeted attacks. Make your business safer by allowing all updates to be automated, you don’t even need to think about it.

Make sure your operating system (on all your devices) and all applications are updated, at all times, updates are free after all.

6. Always lock your devices

It’s often funny when you walk away from your computer to come back and find a funny background picture, right? During the time you allowed for that to happen your business could have experienced a catastrophic and business impacting data breach (and many other potential risks).

Always lock your screens, and make them only accessible by you.

7. Might be 2019, but that doesn’t mean Antivirus is out of fashion

Antivirus is a necessity for all your devices, desktop and mobile. Without an antivirus, you are putting your business at risk of those pesky viruses but also of Malware, lurking in the background, dormant or actively damaging your device. There are many antivirus options out there, some may even come pre-installed with your device, others with free and premium versions. There’s no excuse not to be using an antivirus.

8. Turn on your firewall

Most operating systems come with a firewall and there’s a very good reason for this. Ensure all your business devices have this on, as it’ll create a buffer zone between your network and the internet, a highly valuable preventive measure for cyber attacks.

9. Ransomware, sounds scary but what is it?

Ransomware is one of the biggest cyber threats your business faces as it encrypts ALL YOUR DATA and locks you out of your device.  Then normally it requests a ransom payment of a few hundreds of pounds in order to give you a decryption key.

How do you protect yourself?

  • Backup all your data (often and in different locations)
  • Vital business information shouldn’t be only on your computer
  • Don’t click on emails from unknown senders (and NEVER access .zip files in emails from these senders)
  • Like we mentioned earlier, UPDATE your OS and apps
  • Have an antivirus installed

10. Do you know how to spot a phishing email?

Firstly, a phishing email’s intention is an attempt to collect your personal data, and more than likely you have come across it one (or many) before.

  • Serious businesses will never display your email address in the subject line
  • Check out the sender and their email, try to spot how valid it is
  • You don’t have to open an email just because it instils some sort of urgency (the more urgent it may look, the higher the likelihood of a breach)
  • Always check links before you click.

11. Check back tomorrow

Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.

CTA button