As cyber security events make headline news, businesses have to examine their cyber practices to reduce their vulnerabilities. The damages and losses from cyber events continue to increase; this leaves many businesses asking what they can do to reduce their exposure. Cyber insurance can play a crucial role, but the relatively new nature of the coverage and gaps in coverage still mean that the best way to avoid losing money due to a breach is never suffering from a breach in the first place. One of those gaps could be your employee's personal devices.
"Avoiding breaches means taking hard looks at all potential access points into a company’s cyber infrastructure, says Charlie E. Bernier, Vice President at ECBM and Cyber Insurance Expert. "One regularly overlooked access point is the personal devices of employees - cell phones, tablets, and laptops that may have access to the company network or even home desktops that connect through VPN."
Viruses or malware on personal employee devices can be an entry point for hackers looking to break into your network. As such, companies need to consider their policies on personal devices when assessing their cyber security protocols. This includes making determinations as to whether to allow these devices access to company networks and what type of access to allow.
Many companies concerned with cyber security have begun to move away from so-called bring your own device (BYOD) policies. These policies freely allowed employees to bring their own cyber devices into the office and connect them to company networks and data servers. These policies provide benefits to companies by lowering costs (since the company does not have to pay to provide the devices) and making access more convenient to employees; they also make it easier for employees to work from home or while on the road.
However, these policies also come with significant risks as companies cannot manage these devices to prevent cyber threats in the same way they can with company-owned devices. In a way, these policies simply extend the risks created by the human firewall; a majority of breaches are caused by insecure or risky behavior by end users and BYOD policies simply add another potential weak point. READ MORE: History and Future of the Corporate Cell Phone
More About BYOD Policies:
Ultimately, in reviewing their policies, companies need to consider all potential risks to these different approaches and choose one that best suits their own cost-benefit analysis. Maintaining cyber security in the current era requires awareness and diligence; companies need to take proactive approaches to control their cyber vulnerabilities through cyber insurance and aggressive approaches to prevent a breach.