Why employers need a cybersecurity policy for their employees' personal devices

In a remote work world, employees' personal laptops, tablets and phones play a pivotal role in how they get the job done. But are those same devices protected from cybersecurity threats?

Global cyberattacks increased by 38% in 2022, with hackers widening their targets to business collaboration tools such as Slack, Teams, OneDrive and Google Drive, according to cybersecurity solutions company Check Point Research. Today's threats are increasingly directed at individual employees, and many employers are not prepared — companies need to implement a "bring your own device policy" to monitor and protect employees' personal devices before it's too late, underlines Amir Tarighat, co-founder and CEO of cybersecurity company Agency.

"The biggest shift in cybersecurity has been attackers focusing on employees and their personal lives to access company systems," says Tarighat. "Meanwhile, people are using their phones, laptops and even tablets to access work applications, whether it's something like Slack or their email. There's no scenario where you shouldn't have a policy to address this."

While some employers may be tempted to ban employees from using personal devices for work, Tarighat believes that would be a futile demand. Instead, a "bring your own device" or BYOD policy protects workers from phishing scams, third-party data breaches, social media scams and ransomware.

It's likely that employers already use their employees' personal devices in their cybersecurity practices. Notably, multifactor authentication usually involves employees using their personal devices as a way to authenticate their identity before they can successfully log in to their professional devices and accounts. 

Tarighat is asking employers to go a few steps further by offering employees security management services through a third party for their personal use. For instance, if an employee receives a notification from their security management service saying their account information is on the dark web, the company security team can follow up with the employee's permission, ensuring their passwords are changed while continuing to track additional threats. 

"People just don't like the idea of an employer controlling their devices," says Tarighat. "Instead, employers should think of this as personal security and an employee benefit that benefits the employee and their personal life." 

Regardless of how little employers think their workers use personal devices for work, there needs to be a policy in place that accounts for security and employee privacy — and luckily, the two do not have to be mutually exclusive, says Tarighat.

"The primary beneficiary of this security solution should be the actual employee, not the company," he says. "Ultimately, companies should buy high-quality security services for their employees to use. The key to success is employees having control."

Additionally, Tarighat emphasizes the importance of companies going beyond mobile device management software, which is often mistakenly conflated with security management. While this software can wipe company information from a device connected to the organization's network once an employee leaves the company or if their device gets stolen, it does not monitor for security threats.

"You should approach a BYOD policy the same way you approach security for company systems," says Tarighat. "In this case, you hire a company where someone can actively monitor security events and respond to them." 

Tarighat is confident that if an employer's BYOD policy puts employees' security first, then the company as a whole will succeed in managing its cybersecurity, regardless of where and how its employees work.

"As a byproduct of employees having better security, companies get better security," says Tarighat. "Partner with employees to build a good strategy and position this as a benefit."
