BYOD: implementing security measures for staff and contractors

A contractor is using his own devices without proper security controls

Bring Your Own Device (BYOD) is the technical term for letting employees use their personal laptops, phones and tablets for work. Security firm CyberSmart estimates that over 70% of UK businesses have some sort of BYOD scheme in place.

For employees, it can increase flexibility, enabling them to work with confidence on systems they know. Businesses can save money on digital devices and benefit from increases in productivity. But there are risks. Staff-owned devices – including mobiles, tablets and computers – may lack the robust security measures found on devices and hardware issued by the company. This can make them potential entry points and targets for cyber threats.

The question is, should anti-virus software be mandatory on all BYOD devices accessing your network?

The risks of BYOD

Security and anti-virus software acts as a critical line of defence against malware, ransomware, and other malicious software.

Most companies will have strong security protection in place on company-owned and managed devices. BYOD poses problems as internal IT departments and business owners have limited, or no, control over personal devices. There's no way to ensure that each device has up-to-date anti-virus protection, which is vital.

Without anti-virus software, personal devices can become targets for cyber threats. Hackers and digital criminals could use unsecured digital devices as entry points, potentially compromising sensitive company data and systems.

Employees may be running older versions of operating systems and productivity software that can leave systems open to attack. Microsoft warns that older versions of its Windows operating system are targets for malware. While the Apple OS is known for being more robust, vulnerabilities can be – and are – frequently identified and patched. (In this case, the friendly team at Microsoft found one.)

If you're allowing employees to use their devices to access your software, systems and data, you need to ensure robust protections and policies are in place. That includes anti-virus software, but also strong and clear policies and other network protections.

Building security and anti-virus protection into your BYOD policy

Organisations should incorporate clear anti-virus requirements into their BYOD policies, says the UK's National Cyber Security Centre.

The official body has created guidance for organisations on how to choose, configure and use devices securely. These common-sense and easy-to-follow steps can help you protect your business, while enjoying the benefits of BYOD.

If you're adopting BYOD (or are already allowing it), anti-virus software is vital. But simply installing it isn't enough. To ensure the best protection, we recommend:

  • Mandating the installation of reputable anti-virus software on all personal devices used for work.
  • Ensuring that anti-virus software comes from a trusted source and is regularly updated to protect against the latest threats.
  • Ensuring that periodic scans and real-time protection features are enabled.

Anti-virus software isn't free, and employees shouldn't be expected to pay for this protection. Licences for cloud anti-virus protection can cost as little as £20 a year, rising to £70 for the highest levels of protection.

In addition to anti-virus software, employees should:

  • Regularly update all software: Ensure operating systems and applications are running the latest versions to patch known vulnerabilities.
  • Use strong (two-layer) authentication where possible: Implement multi-factor authentication to add an extra layer of security.
  • Encrypt data: Protecting sensitive data both at rest and in transit is vital, says the Information Commissioner's Office (ICO). Password protection is essential, but there are more things you can do, says the ICO in its in-depth guidance for businesses.
  • Wi-Fi protection: Staff should be educated on Wi-Fi security. Personal networks should be protected with a strong password and the router should use WPA3 or WPA2 encryption. Use of external networks, especially public networks, should be avoided or controlled.
  • User education and policies: It's important to train staff and contractors on best practices for device security, how to ensure continual protection and provide early warning about any potential threats or breaches. This should all be contained in a BYOD policy which can be standalone or incorporated into your IT policy.

Larger businesses may want to consider implementing Mobile Device Management (MDM) solutions to monitor compliance and enforce security policies across all BYOD devices.

Beyond anti-virus: a holistic approach to BYOD security

If your business is adopting a BYOD strategy, anti-virus software is crucial. But it should be part of a broader, multi-layered security strategy. By adopting a comprehensive approach to security, incorporating anti-virus protection, data encryption and strong policies, organisations can protect their networks against the growing number of digital threats.
