Why BYOD is Dangerous

BYOD also known as Bring Your Own Devices is very dangerous to the organization because of what doors and social engineering avenues that comes with mixing business devices with personal devices, usage, and environmental settings.

There are Certainly benefits to permitting the use of personal devices such as putting the cost to maintain the device(s) and the actual procurement and upgrade falls back on them. No cost is incurred with BYOD from an onboarding and offboarding perspective as well. Everyone always wants the new iphone these days so its now potentially wiser financially for companies to consider BYOD but I am still of the mindset that mixing Personal Devices with Corporate Devices gets sticky and icky.

1st Reason is Romantic life communications should not be mixed with work. Do you really want to be sharing your iPhone Screen to a Conference Room Screen and get a preview of naughty text from a significant other? It just seems like an avoidable situation.

2nd Reason is Propper Containerization is sometimes overlooked. You shouldn’t be able to exfiltrate data via Corporate Apps on any MDM Enrolled Device.

3rd Reason is Some Corporations are creepy. Some Corporations prioritize themselves over the individual which can lead to very toxic behavior including Spying on Staff and in most cases reserving the ultimate right to remote wipe or unlock your device. These features exist and cannot be disabled in most MDM Management Solutions so there is a degree of trust involved.

4th Reason is Staff giving their phones to their kids and grandkids lol. You’d be surprised but little kids can now send emails before learning how to walk. Child proof devices that are connected to company resources by not mixing personal with company devices.

5th Reason is Scope of Support. Your Service Desk is going to be bombarded with an increased level of unique Service Interruptions all related to differences in Mobile Phone Manufacturer, Firmware, OS Version, app settings, and instructional documentation. A common issue among Bring Your Own Device Model is a device is only as secure as the person using the device and the person administering the device. Without required security controls managed from a Centralized method or location you open the organization up to vulnerabilities.

Ultimately the decision to utilize a Bring Your Own Devices Model is up to each individual organization. In reality as long as you containerize properly and prevent copy and paste and prevent screen capture and prevent loading of personal accounts in Corporate Containers then technically you check all the appropriate boxes for Security and you will certainly save money from a Mobile Phone Procurement and Monthly Plan perspective. The increased workload placed on Service Desk should be mitigated as much as possible through robust testing and implementation of the Mobile Device Management Solution and Rollout. A Summary of all “Phase Completions” should be properly relayed to all interested and invested parties and teams to best prepare for the Company’s success. Combatting Exfiltration is by far the most important aspect of a Secure Mobile Device Managed Infrastructure.