With businesses adapting to the ubiquitous nature of technology and the effects of the coronavirus pandemic, a potential solution for many is allowing employees to use their own personal mobile devices in the to carry out their work. As well as providing a seamless transition between remote and office-based working; BYOD can confer a number of benefits to businesses, such as:
– A reduction in business costs as employees no longer need to be supplied with mobile devices.
– An improvement in employee morale and job satisfaction
– An Increase in employees’ flexibility and efficiency
Notwithstanding the benefits of BYOD, there are inherent risks to be considered which can have costly implications for businesses. By allowing personal devices to store and process sensitive company data, as well as personal data which will be subject to GDPR as implemented in the UK by the Data Protection Act 2018 (cross-reference GDPR/information security portion of website), it is inevitable that the company loses an element of control over their data.
In allowing the use of personal devices, it may transpire that sensitive and personal data is being processed or held on devices which are used to carry out personal tasks such as e-mails, internet browsing and use of applications. These personal uses, accompanied with human error, can leave the device susceptible to cyber-attacks resulting in loss of sensitive and personal data. Such losses of data can result in breaches of data protection legislation and harm to business reputation.
For the reasons set out above, BYOD increases the risk of damage to business in the following ways:
– IT resources and communications systems becoming compromised.
– Loss of confidential and/or proprietary information
– Loss of customer and employee data in breach of GDPR which can lead to fines and class action lawsuits severely impacting on a business’ financial health.
– Mainly due to the aforementioned eventualities, damage to business reputation.
In order to counteract the risks associated with BYOD, it is essential to enforce a well-drafted policy to ensure compliance with the law and minimise the risk of events that harm the business in any way.
Please ask the Expert for tailored advice to your specific requirements. A bespoke policy can be drafted to ensure your business is compliant with the regulations as well as minimising the risk of costly data breaches.
