The pros and cons of an organisation letting its employees use their own mobile devices for work.
Why? 💭
Because we’ve been thinking about something Georgia Weidman (Founder and CTO at Shevirah and Bulb Security LLC) said at #BHMEA22:
“…a lot of the assumptions we’ve made about security up until now break down the moment we allow mobility into our enterprise.”
That’s because conventionally, security has been able to rely on a relatively clear understanding of exactly what devices are involved with a network, and how traffic flows into and out of that network. But when user endpoints are complicated by the addition of mobile devices, the picture of the threat landscape becomes a lot murkier.
So should organisations allow everyone to use their own devices? 🤔
Well, there are pros and cons.
Allowing the use of personal devices is good because…
- Giving employees the freedom to work on the devices they want to work on has been found to increase productivity and job satisfaction.
- It reduces company hardware costs – you don’t have to buy everyone a smartphone.
- Employees may be more likely to take care of devices they own, which can reduce the risk of devices being lost or stolen.
But it’s not all good. The cons include:
- You don’t have administrative access or control over employee-owned devices – so you can’t ensure they’re updated with mobile device management and mobile application management software.
- While you can govern organisation-owned devices with a security policy, it’s harder to ensure that employees follow best practices for cybersecurity on their own devices – including using strong passwords and multi-factor authentication.
- While users might protect their own devices against loss or theft, it’s still more likely that mobile devices will be lost or stolen than larger, in-office devices – and a stolen device that isn’t up-to-date with security best practices can pose a big risk to your network.
Do you pen test employees’ mobile devices? 🤳
P.S. - Mark your calendars for the return of Black Hat MEA from 📅 14 - 16 November 2023.