By Jan Dzulko
As Everphone’s managing director, I get to talk to a lot of entrepreneurs: traditional manufacturing SMEs, service providers, Berlin-based start-ups, and internationally active corporations. I talk to CIOs, CEOs, to senior executives from the purchasing, finance and legal departments about mobile strategies for their companies. When it comes to BYOD (“Bring Your Own Device”), what I see most of the time is skepticism, shaking heads, and dismissal.
BYOD? This thing is over
The BYOD skeptics are right.
What sounded like a great opportunity for employers in 2014 or 2015, has outlived its usefulness. In an age of man-in-the-middle attacks and ransomware extortions, in an age of new hacks, data theft, and cell phone viruses every day, it’s no longer the question if BYOD will go wrong – the actual question is, just when?
As icing on the cake, there are also plenty of unanswered data protection questions.
“But all the benefits of BYOD!”
Yes, what about the advantages? Let’s take a closer look at them.
Nowadays, newcomers to the workforce tend to think it’s cool and rightly expect to be provided with sensible work equipment during onboarding – and not to have to bring it with them. Especially since not all employers subsidize the employee’s expenses for the equipment they bring with themselves, which means: You have to pay for it yourself and think that’s cool, too?
That’s no longer how employee satisfaction works. But in many jobs today, a smartphone is simply part of the package.
Everphone’s CEO Jan Dzulko
Sure, you save on the cost of purchasing the devices. But compare that with the effort that BYOD causes in the IT department, and you’ll see: The potential savings on device purchases dissipate faster than an aspirin in a glass of water. In our experience, you have to calculate with several IT working hours per mobile end device, every year.
The user experience is also lousy, if the employee has to hand over his private device to a nerdy IT employee for setup. Even if it’s only for an hour. In most cases, however, it takes much longer and the smartphone remains in someone else’s hands for half a day or a whole day. A no-go!
Bring Your Own Device is the Russian roulette of mobile security. And for five killer reasons.
Five killer reasons to stop BYOD
There are many BYOD risks. Here, from my perspective, are the killers.
1. Device loss
What if the phone was stolen? Depending on whether – and if so, which – security settings have been made on the device, the smartphone can be unlocked more or less easily by hackers. This makes the mobile device a potential source of data and access for cybercriminals of all kinds; including company data and the corporate network. In the “best” case, “only” the company data stored locally on the device is lost.
2. Updates and mobile operating systems
Some users are reluctant to install updates and patches to their mobile operating systems and apps. For whatever reason, this creates security gaps. Meanwhile, many companies with a BYOD scenario don’t even know which iOS and Android versions are even accessing the company network. Does that sound safe to you?
3. No control over repairs
It’s nice that the colleague was able to have his display repaired for only 15 dollars at the cell phone repair store on the corner on some dark neighbourhood between a gast station and a seven eleven). However, the hardware can also become a potential point of attack. Of course, as a business owner, you have no control over this if the devices you bring with you have passed through repair shops or stores without any certification.
4. Insecure devices
Some devices brought along are already so old that they no longer support updates to the operating system. If the support for the respective version then expires, no more security patches are rolled out for the system: This makes security gaps and exploits possible.
In addition, there are smartphone manufacturers that already load their devices with unwanted “bloatware” when they are delivered. Unwanted data transfers are also an issue – ZTE, Huawei and Nokia recently attracted attention with negative headlines. Occasionally, mobile malware is also discovered on new devices, which the BSI recently warned against again.
Last but not least, when it comes to securing access to devices, you have to rely on the support of your employees: If colleagues use simple or insecure passcodes (“0000”, “1234”), this is obviously very detrimental to security. This means that employees would have to be instructed to follow a certain usage pattern on their own devices – sensible, but not unproblematic.
5. Data protection
Is your company active in the EU? How about a hefty fine as part of a data protection audit then? The EU General Data Protection Regulation has been in effect since May 2018. Without further actions, BYOD is almost certainly a violation of the regulation, especially if, for example, WhatsApp is used on the company cell phone.
Are you now also doubting BYOD?
BYOD is too complicated, too expensive as well as time-consuming. And above all, too insecure.
It’s the other way around: the company provides the hardware – hardware that the employee wants. This is called CYOD (“Choose Your Own Device”) or COPE (“Company Owned, Private Enabled”). The acceptance among employees is consistently high. And: You can even reduce costs in the process.
We offer these variants via our company cell phone rental model – including a repair or replacement service. If you still want to stick to a BYOD scenario, you should definitely take measures to secure your company data and ensure DSGVO compliance. Read our white paper for more information.