BYOD Becomes WFHD
Updated: Sep 9, 2020
Bring Your Own Device (BYOD) has been a part of the tech landscape for over a decade. Thanks to COVID-19, this has changed to Work From Home Device (WFHD) with all the issues this has presented to businesses. Discover how your business can manage remote mass working and turn this new way of working into an asset.
First came BYOD (Bring Your Own Device) challenging CTOs to manage consumer technology in a working environment. Now that the working environment has moved to remote mass working, WFHD (Work From Home Device) is presenting a whole new set of risks that must be mitigated.
It’s no accident that the dividing line between consumer and business applications has been blurring for several years. The popularity of BYOD has done nothing but expand. Workers love their personal devices and the applications they are used to using. They don’t want to switch to a completely different hardware and software base when they arrive at work. Of course, ‘arriving at work’ now has a very different meaning, as for millions of employees, their homes are their new long-term offices.
Flexible remote working had been becoming more common pre-COVID-19, as legislation gave the right for all workers to request more flexible working practices. However, remote mass working was undoubtedly not on many business’s strategic development roadmaps. Indeed, according to Mind Edge and Skye Learning, 80% of US respondents to their online survey claim their employers did not have a remote working program before the pandemic.
“The survey suggests that this shift to remote work during the crisis has brought with it a new set of challenges and opportunities,” said Jefferson Flanders, CEO of MindEdge Learning. “Businesses need to find creative ways to support workers struggling with setting boundaries between the personal and professional. Regardless of when Americans return to the office, many employers will find an altered workplace with a greater reliance on digital communication. They would be well served by planning for that changed landscape now.”
In the UK, the experience is similar: OpenText that quizzed 2,000 UK workers found 34% of UK workers with office-based jobs do not feel equipped with the digital tools to effectively shift their work to a remote environment, shining a light on the productivity challenge faced by office workers during the COVID-19 pandemic.
Additionally, ‘information overload’ is contributing to daily stress levels: 18% of respondents are stressed by ‘information overload’ across devices. With 8% feel they can’t unplug and are dealing with information 24/7. Another 8% feel overwhelmed with too many data sources and apps to check each day.
While a quarter (24%) of UK respondents admit remaining motivated would be their biggest challenge if working from home long-term, one in ten (11%) say access issues would be the main problem – from accessing work emails to accessing corporate file systems and content. Collaboration is also a concern: 12% say collaborating and sharing information and files with colleagues would be their biggest challenge. In fact, despite the prevalence of work applications and tools to check and use each day, a fifth (20%) of working UK respondents admit to having shared work-related files on a personal file-sharing system, such as DropBox. “Poor information management has major implications for a business,” said Geoff Sheppard, RVP Enterprise, Europe, OpenText. “Employee productivity can suffer as staff struggle with access issues while security can often become an afterthought as staff look for workarounds. With data often residing in multiple, disparate systems, an organisation’s pursuit of a single version of the truth can become virtually impossible.” “The reality is manual classification, and filing processes are error-prone,” Sheppard continued. “By implementing automation, businesses can make the most of their information and provide a seamless user experience for staff, customers and partners. This is even more crucial now as organisations adapt and respond to the COVID-19 pandemic and its impact on the business landscape.”
In a separate report, CyberArk found work-from-home habits – including password re-use and letting family members use corporate devices – are putting critical business systems and sensitive data at risk.
The survey, which aimed to gauge the current state of security in today’s expanded remote work environment, found 77% of remote employees are using unmanaged, insecure “BYOD” devices to access corporate systems 66% of employees have adopted communication and collaboration tools like Zoom and Microsoft Teams, which have recently reported security vulnerabilities.
While 91% of IT Teams are confident in their ability to secure the new remote workforce, more than half (57%) have not increased their security protocols despite the significant change in the way employees connect to corporate systems and the addition of new productivity applications.
Speaking to Silicon UK, Deloitte cyber risk director, Adam McElroy said: “Given the sudden shift to remote working, not all organisations will have security policies and guidelines that consider a remote workforce. However, these must be in place for employees working from home so that they can stay informed.
“These policies should govern the management of remote access, the use of personal devices, password and authentication guidelines, and privileged access control. It is also good practice to establish information technology support mechanisms, such as a virtual helpdesk, for employees working remotely. IT teams must ensure visibility into such remote workforce devices that connect to the corporate network, to ensure they are not compromised and are connecting securely.”
McElroy concluded: “More frequent phishing attacks, typically purporting to come from trusted, official sources such as health authorities, are using COVID-19 themes indicate that cybercriminals are capitalising on fears and uncertainty around the global pandemic. Many of these phishing emails use social engineering themes to entice victims to click on an attachment or link. They do so by claiming to contain new or important safety information on COVID-19, for example, or by luring victims with financial promises, or alarmist subject lines.”
Safe and secure?
The overriding concern across the business community is how to operate what could be a massively dispersed workforce in a safe and secure data environment. Indeed, according to research from Centrify, almost half (48%) of business decision-makers have admitted that their existing cybersecurity policies are currently not suitable for maintaining a 100% remote working model. This increased risk has led to nearly two thirds (65%) anticipating an increase in phishing and breach attempts.
“Acknowledging the security issues posed by remote working is essential during this difficult time,” said Andy Heather, VP, Centrify. “Unfortunately, remote workers including third-party contractors have been deemed a desirable target by hackers and cybercriminals, who are assuming that these employees have not been adequately trained in, or protected by, the correct security measures in their transition to remote working during the COVID-19 pandemic.
Heather concluded: “However, it’s promising to see that so many businesses have adjusted security policies in response to this threat and are still considering bolstering security and IT staff. Fortunately, overhauling cybersecurity policy and the procedure does not have to be overly strenuous or expensive. Instead, it requires a cohesive effort from all colleagues and employees, strong password hygiene, including the use of Multi-Factor Authentication, and an Identity-Centric privileged access management solution to protect company data from breaches.”
These findings are also supported by the personal data report from Bitglass that concludes: Despite the concerns, the research shows that organisations are allowing BYOD without taking the proper steps to protect corporate data. About half of the surveyed organisations lack any visibility into file-sharing apps (51%), 30% have no visibility or control over mobile enterprise messaging tools, and only 9% have cloud-based anti-malware solutions in place. Compounding these problems are results that demonstrated that organisations need physical access to devices and even device PINs to secure them. This may be acceptable for managed endpoints, but it is an evident invasion of privacy where BYOD is enabled.
“The top two reasons enterprises hesitate to enable BYOD to relate to company security and employee privacy,” said Anurag Kahol, CTO of Bitglass. “However, the reality is that today’s work environment requires the flexibility and remote access that the use of personal devices enables. To remedy this standoff, companies need comprehensive cloud security platforms that are designed to secure any interaction between users, devices, apps, or web destinations.”
WFHD are here to stay. CTOs developing WFHD access, usage and security policies – often on-the-fly – to meet the unprecedented speed at which the changes to working practices are taking place, need to look at integrated systems most of which will be SaaS-based.
Chris Hykin, technical services director, Stone Group explained to Silicon UK: “The perimeter of the network is extended to an area where you have limited control. For each type of data security risk, we’re having to build platforms that facilitate the flexibility required to work from home successfully, but not exposing yourself to the risk of data loss or compromise.
“If you can determine a set of rules and principles that facilitate effective working from home and not limiting productivity, the next set of challenges comes from the dependencies you have less control over – consumer broadband; user confidence with both sudden change, and a new suite of technology tools that underpin communication such as video conferencing, collaboration, teams, Slack and Webex etc. “As a business, we look to solve another significant issue with the distributed workforce – sheer geographical distance. The ability of an IT manager to say “just bring it down to the IT office and I’ll take a look” is nearly gone. So, we’re positioning our range of nationwide engineers as a flexible set of hands to deliver break/fix and support to our customers as this becomes materially more difficult to achieve with a centralised IT helpdesk.”
New working environments
For businesses, navigating the new working environment that looks set to become long term if not permanent for some enterprises, has meant innovating at speed. “There’s a reason Zoom, Teams, Slack and Office 365 have been big winners during the lockdown,” says from Oscar Arean, Head of Operations at Databarracks. “If you are starting from scratch, you will pick cloud productivity like Office 365 or G Suite, collaboration software like Teams or Slack and a cloud-based phone system like Zoom.
“As a result, there is a mix of BYOD and company-owned devices at most organisations. Our Data Health Check survey, taken at the start of the lockdown, showed 45% of organisations use only company-owned devices. 22% were BYOD entirely, and 29% had a mix of company-owned and personally owned devices. When the lockdown happened, every business had to weigh up the benefits of allowing users to use their devices vs the risks. To stay productive, companies had to be more flexible.
BYOD can be secure, but you need to be prepared for employee-owned devices to be compromised and have controls in place should they be infected with malware or keyloggers, for instance.”
Many companies have been wrestling with BYOD for several years. Attempting balance workers’ demand to use their personal devices at work, with the clear and present danger of security breaches have suddenly taken on a whole new dimension.
No one is clear how the new normal of work will eventually operate long term. For now, CTOs need to take a step back to view the entire technology landscape their businesses now inhabit. Securing remote working has evolved over the last few years. COVID-19 has put that development into overdrive.