Cybersecurity Risks with Bring Your Own Device

As more businesses move to a flexible work environment, business owners are allowing employees to use their own tech devices at work. This framework, known as Bring Your Own Device (BYOD), enables employees to access company data on their own cell phones, laptops, and tablets.

While BYOD is gaining in popularity, it definitely comes with some risks. If you are a business owner, it’s important to understand the security risks that come along with this trend. Let’s take a look at why BYOD has become popular, the security issues that come with BYOD, and key recommendations on how business owners can protect their networks without subduing workplace productivity.

Why BYOD Has Increased

In recent years, Bring Your Own Device (BYOD) policies have gained significant traction in the corporate world. Several factors, including cost savings, increased productivity, and the flexibility it provides for remote work, contribute to this trend.

Cost Savings

One of the primary drivers behind the increasing adoption of BYOD is the potential for cost savings. With BYOD, companies no longer bear the burden of purchasing and maintaining hardware for their employees. This includes expenses associated with computer systems, smartphones, tablets, and other devices.

At Everound, our team recently helped a client reduce their monthly cell phone bill by implementing BYOD for cell phones. Instead of work-issued cell phones, team members were given a monthly stipend to go towards the use of their personal devices. This reduced the client’s monthly cell phone bill by thousands of dollars.

Increased Productivity

Another significant advantage of BYOD is the potential for increased productivity. When employees use their own devices, they are generally more comfortable and efficient in their work. Have you ever seen an iPhone user try to navigate an Android phone? Users possess a familiarity with their personal technology, eliminating the need for extensive training to operate company-provided devices.

This familiarity translates into quicker task completion and a smoother workflow, ultimately leading to higher levels of productivity. The seamless integration of personal devices into work processes can enhance overall efficiency and drive positive outcomes for the organization.

Flexibility for Remote Teams

The rise of remote work has further propelled the relevance of BYOD. With the ability to work from anywhere and at any time, employees can leverage their preferred devices to access company resources remotely. This flexibility offers a multitude of benefits, including better work-life balance and employee satisfaction.

Employees can choose to work from their preferred location using devices they are comfortable with, resulting in increased autonomy and reduced stress. Furthermore, BYOD facilitates collaboration and communication among remote workers, as they can easily connect and share information using their personal devices.

Risks of BYOD

While Bring Your Own Device (BYOD) policies offer numerous benefits, it is important to consider the associated risks. As a managed IT services provider, we lean towards the risks outweighing the benefits, especially for laptops and PCs, and here’s why:

Security Vulnerabilities: Personal devices may lack the same level of security as company-provided devices. This increases the risk of security breaches, as personal devices may not have robust security measures in place, such as encryption or secure access controls. This vulnerability can expose sensitive company data to unauthorized access or malicious activities. This is extremely critical when companies allow employees to use their own laptops or PCs.
Data Leakage: Loss, theft, or a compromised device poses a significant risk of data leakage. Unauthorized individuals can access sensitive company information, including customer data, trade secrets, or intellectual property. This can lead to financial loss and even potential legal implications.
Malware Risk: Personal devices may be more susceptible to malware and viruses compared to company-provided devices that have dedicated security measures. If an infected personal device connects to the company network, it can introduce malware or viruses that could potentially impact the entire network infrastructure and compromise data integrity.
Compliance Issues: Using personal devices for work-related tasks may pose compliance challenges, especially when dealing with sensitive data or operating in regulated industries. Companies must ensure that employees adhere to data protection laws, industry regulations, and internal policies, which can be difficult to enforce and monitor on personal devices.
Personal Privacy: Implementing a BYOD policy blurs the line between personal and professional use of devices. This can potentially infringe on an employee’s privacy, as their personal devices may be subject to monitoring or data access by the company. Balancing the need for business security while respecting privacy can be a delicate challenge.
Increased IT Support: Supporting a wide range of different devices, operating systems, and configurations can be complex and resource-intensive for IT departments. Troubleshooting issues, ensuring compatibility, and providing technical assistance for various devices can significantly increase the burden on IT teams, leading to potential delays in resolving problems and impacting overall productivity.

If your organization is considering adopting a BYOD policy or currently allows team members to use their own devices, reach out to us for recommendations and support on how to keep your company safe from cyber threats. We can advise you on the best path forward to not only protect your data but also allow your team to use devices safely.

BYOD Security Measures

Mitigating risks associated with BYOD requires a proactive approach and the implementation of effective strategies. In today’s digital landscape, where remote work and mobile devices have become the norm, organizations must stay ahead of potential risks and protect sensitive data. A reactive approach to BYOD can leave companies vulnerable to security breaches, data leaks, and compliance issues.

Here are several proactive steps companies can take to mitigate risk:

Limit Allowed Devices: Consider limiting the types of devices allowed as part of the BYOD policy. Cell phones and tablets, for example, are easier to manage from an IT safety standpoint compared to laptops and PCs. By restricting the types of devices permitted, companies can focus their efforts on managing and securing a narrower range of devices, reducing overall risk.
Mobile Device Management (MDM): Implementing MDM software allows companies to have better control over mobile devices used for work. MDM enables the enforcement of security policies, such as passcode requirements, device tracking, remote data wiping, and application whitelisting. This helps secure company data and ensures devices adhere to security standards.
Use of Secure Networks: Encourage employees to connect to secure, private networks when accessing company information. Public Wi-Fi networks pose a higher risk of data interception and unauthorized access. If employees must use public Wi-Fi, require the use of a Virtual Private Network (VPN) to encrypt their data and protect it from potential threats.
Regular Device Audits: Conduct regular audits of devices used for work to identify any outdated software, viruses, or vulnerabilities. Update software and applications promptly to ensure devices are protected against the latest security threats. Additionally, you should perform malware scans regularly to detect and remove any malicious software.
Data Encryption: Encryption transforms data into an unreadable format, rendering it inaccessible to unauthorized users, even if they compromise the device. Utilize encryption solutions that are compatible with various operating systems and ensure that encryption policies are enforced consistently.
Strong Authentication Measures: Implement strong user authentication measures, such as two-factor or multi-factor authentication. This adds an extra layer of security by requiring users to provide additional verification, such as a unique code sent to their mobile device, in addition to a password or PIN.
Separation of Personal and Business Data: Consider utilizing technology that separates personal and business data on the device. This allows for the management and protection of company data without compromising personal privacy. By implementing containerization or secure workspace solutions, companies can isolate and secure business-related data while leaving personal data unaffected.
Employee Training: Regularly train employees on safe practices when using personal devices for work purposes. Educate on how to spot phishing attempts, emphasize the importance of regularly updating software and applications, and outline the steps to take if their device is lost or stolen. Promote a culture of cybersecurity awareness among employees to minimize potential risks.

By implementing these measures, companies can significantly reduce the risks associated with BYOD and create a more secure environment for employees to use their personal devices for work purposes.

Cybersecurity Support from Everound

Implementing a BYOD policy can bring benefits to your organization, but it also comes with its fair share of risks and challenges. To ensure a smooth and secure BYOD implementation, it is crucial to seek the guidance and support of experienced professionals like Everound, a leading managed IT services provider.

With our expertise in BYOD policies and implementation, we can help you navigate the complexities, assess the risks, and develop a customized strategy tailored to your specific needs. Reach out to us today for expert support and direction in embracing the power of BYOD while safeguarding your data and maintaining a productive work environment.

While the shift to a remote workforce had been gradually evolving over the last decade, 2020 accelerated the move to remote work. Many businesses are now embracing either an entirely work-from-home culture or a hybrid model where employees split their time between an office and a remote location.

A recent survey from PwC reinforced what leaders and business owners have been hearing from their own teams – more than half of employees who were sent home to work during the pandemic prefer to continue to work from home at least 2 days a week. Nineteen percent of all employees surveyed prefer to work remotely entirely. The old paradigm of a 40-hour workweek, bookended with a morning and evening commute, is quickly changing.

The key to a successful remote workforce is a solid technology infrastructure and IT support. Technology plays a critical role in access to resources, collaboration, and most importantly, security. What current technologies can help a remote team? Let’s look at how technology supports a remote workforce.

Keeping Your Team Protected

Critical Cybersecurity for Remote Workers

A successful, efficient remote work platform requires several key technology resources that provide a seamless, secure work experience. With the staggering increase in cybercrime in 2020, the highest technology priority for any business, especially those with a remote team, is cybersecurity.

Last year more than 90% of companies worldwide experienced some form of a cyberattack whose aim was to steal passwords. For businesses with remote employees, a solid, strategically developed infrastructure can help prevent cyber threats while also providing ways for employees to work efficiently and stay connected.

Several technologies that are critical for a secure IT infrastructure include:

VPN: VPN, or a virtual private network, is a service that both encrypts data and hides IP addresses by bouncing network activity through a secure chain to another server miles away.
Network Security: Network security is the use of technologies to defend a network and network-accessible software and hardware from cyberattacks and misuse of company data. Depending on the type of business, network security can include firewalls, anti-malware, and data loss prevention (DLP).
Access Controls: For a remote team, access controls can help business owners allocate different levels of access to sensitive documents on a server. Access control is a security process that regulates who can view and use resources on a network. Access control minimizes risk to the business or organization and reduces the risk of a cyberthreat.
Multi-Factor Authentication (MFA): Multi-factor authentication is when a user must provide two or more pieces of evidence to gain access to a digital platform or resource. This extra layer of security is used to protect against hackers by ensuring that digital users are who they say they are.

Keeping Your Team Connected

Communication Technologies for a Remote Workforce

One of the challenges of the abrupt move to a remote workforce in 2020 was the immediate disruption to face-to-face communication and routine day-to-day conversations. Because nonverbal communication makes up 60-80% of communication, it’s important for businesses to integrate a visual platform for communication in addition to digital communication products (think chat programs like Slack).

Successful remote teams have several information technology resources available to them to encourage communication including:

Google Workspace: Google Workspace is a platform that provides several collaboration and workspace tools to make remote work easier for employees. Files can be shared on a secure platform, projects can be collaboratively edited from a central location, and communication tools that allow chatting and video and voice communication are available.
Microsoft Teams: Microsoft Teams is a platform that allows for instant communication, file sharing, and collaboration. Users can chat with the colleagues in real time, or even place a video phone call with one click. Files can be shared through chat, eliminating the need to send files as attachments via email. Other resources on Microsoft Teams include VOIP, screen sharing, webinars, and online meetings.
Video conferencing: Years ago, a video conference felt foreign to many employees. Video conferencing exploded in 2020, with several platforms breaking through as leaders. In addition to Google and Microsoft, Zoom has risen to the top with their easy-to-use platform for video conferencing. Many products can host hundreds of attendees with ease.
VOIP: The traditional landline phone system is becoming obsolete, especially without employees working from a shared office of location. VOIP, also known as voice over internet protocol, is a solution that connects users to each other immediately. VOIP is built in to several platforms including Zoom and Microsoft Teams.

Keeping Your Team Supported

Support Services for Remote Workers

A robust remote work program not only includes the apps and services employees need to perform their job but also supports technologies challenges and backup and disaster recovery.

Several approaches to IT support services include:

Remote Help Desk: When employees are working in the same building as their information technology colleagues and have an IT challenge, they often walk to their office for a quick fix to resolve issues. With remote teams, minor technology challenges can become a huge frustration without the proper process and support in place. Having a remote help desk in place with an automated help desk ticketing system provides remote employees access to technology help.
Backup and Disaster Recovery: While disaster recovery for on-premises infrastructure and data centers has become standard for most companies, moving applications to third-party cloud solutions to support remote work creates a unique challenge. When companies move to cloud-based applications such as file-sharing and storage, they need to do due diligence to ensure those vendors are following the best practices for disaster recovery to ensure their data is safe. Properly secured cloud-based solutions are a great way to backup and restore data in case of hard drive malfunctions, cyberattacks, and natural disasters.

We Focus On Your IT, So You Can Focus On Your Business.

Managed IT Services for a Remote Workforce

At Everound, we understand the unique information technology challenges of businesses with a remote workforce. We can help identify areas of improvement and customize solutions to help meet the needs of a fully remote or hybrid business model.
Interested in learning more? Reach out today for a free assessment to see if your current IT infrastructure is fully supporting your remote team. Let us focus on your IT, so you can focus on your business.

The COVID-19 pandemic has changed business for millions of us. Lots of our workers have been sent home to work.

This creates a new dilemma:

How do we make sure that everyone is productive even when they’re not in our offices?

In truth, it’s not hard as long as you have a plan and know how to follow up with your newly out-of-the-office staff.

What are some steps I can take?

Create clear goals, every day. Every day, start with an expectation of what will get done. Look at your year’s goals, then break that out to the month, then the week, then to days. There will always be changes in the plan, but that’s the best place to start.
Start every day with a meeting. Every morning, the whole team should be on a call to talk about the day’s plan. If your staff is too large, break out by department. The most important part is that everyone gets a chance to talk about challenges and the day’s goals. Remind everyone of the week’s goals as well.
Post goals on the group chat board. Put the goals up on the group chat or management boards. That gives everyone a place to go if they get sidetracked. You can also put up the future goals and the goals that were missed recently.
Have a Project B. There should be a second project that your team can work on if they get stuck on the main one. For example, if they’re building an app for a client and suddenly need to know something, they need to email the client (or you) and wait. Have a second project, maybe a website or another app. If you have a law office and your paralegals are at home, have a number of documents in the queue to work on. If one hits a roadblock, they can start on a different one.
Use the cloud. Keep documents in the cloud so everyone can access what they need, no matter where they are or when they’re working. The cloud is only as secure as your passwords, so institute a strong password policy. Make sure files are neatly organized so everyone can find everything, but the cloud is the place to work.
Encourage collaboration. Using Zoom, Skype, or any number of other meeting apps, your team can work together. Invite everyone to a group lunch one day a week to just grab a bite and chat. The more your people feel connected, even remotely, the better they’ll work together.
Everyone in. Keep everyone in the loop. No one can be left out of meetings. If it’s completely outside their purview, make sure they’re invited, but their attendance isn’t mandatory. It’s very easy to feel shunned when you’re not face-to-face. It can even make people feel paranoid. Invite everyone, but only the essential personnel to any project needs to be there.
Be available. Make sure that you’re available to answer questions as much as possible. Have your chat function open. Make sure your phone is on. Get email notifications. Schedule “office” hours where you’re available to help people grow and learn.
Assign mentors. If your team isn’t used to being remote workers, mentors can help them stay on task. Simple things, like prioritizing the day, staying focused, even setting up a desk, can seem daunting when you’ve been working in an office for decades.
Use video for new projects or skills. Create instructional videos that show your team new skills or introduce new projects. This will let them feel like you’re right in front of them and will give them something to look back at if they get lost.
Share contracts and customer documents. Letting your staff see what’s been promised to a client makes it easier for them to have buy-in. It lends clarity to their work. When they’re in an office and can simply ask the boss, it’s easier. When they’re at home, often working by themselves, seeing what the whole project is supposed to look like can help a lot. It also conveys trust.

Productivity Software

There are literally thousands of programs and web based apps to help your team work together. The big ones, like Microsoft Teams and Google G Suite, are everywhere, but any search for collaboration tools will get you endless pages of companies that have solutions for you.

The key is to look for what your team needs. If you’re dealing mostly in documents, Google is great. If you’re creating apps or doing graphic design work, you might need a specialized collaboration tool.

If you’re not sure, ask some business contacts or look in trade magazines or on trade websites. Even a Google search, like “collaboration tools for app designers”, should get you some options.

Keeping It Secure

Start right from the beginning with a strong password policy. There are lots of random password generators and vaults in the world such 1Password and LastPass, some of which have free packages. Otherwise, set down some rules and teach your team to create tough passwords.

It might be important to put everyone on a VPN, especially if they’re sending sensitive information back and forth, such as accounting data or medical office records.

Staying Organized

The most difficult part of working in an office, let alone remotely, is keeping the files, images, documents, and more all neatly organized is difficult.

Take the time to create a set of standards for creating anything. What to name files, how to date them, how to record versions, etc. should all be in your policies. Write the policies out and speak to your team about them. This way, everything is standardized and will make it much easier to find things if you’re not the person who created the original file.

A Note on “Productivity Trackers”

Some bosses like “productivity trackers.” These are programs that take a snapshot of the employee’s screen randomly, track what websites they go to, and more.

Many employees find these offensive. They are, essentially, spyware. They allow the employer to see everything that an employee does. They’re only supposed to work when the employee is “on the clock”, but many of these jobs are salaried or flat rate contracts.

From our perspective, if you distrust your staff that much, you need a new staff. If you create a list of daily goals and those goals are met, that’s really all you need to worry about. If you think that staff can get more done, add more goals.

This type of software is a very clear sign that you don’t trust your people. That’s not going to create the loyalty you need to make remote working successful.

The companies that sell this type of product will tell you how innocuous it is. Consider, do you want someone to be able to take a screenshot of your computer any time they want?

It’s easy to keep your team productive and working well together. Over-communicate, give them lots of tools, and trust they’ll do the very best they can every time.

Everound has been successfully engaging and supporting businesses to adapt to this new era of remote workers. From every facet of a company’s IT, we can assist, from employee experience to data center to cyber security and much more. If you need assistance transitioning your company to a work from home environment, we can help. Contact us today using the contact form below or by calling us at +1 717.312.5890!

[contact-form-7 id=”310″]

COVID-19 hit, and all your employees went home to work. We all thought this would be temporary, last only a few weeks, maybe a month… Employers are now seeing remote work is possible. Users can be efficient from a spare bedroom. What does this mean for IT? How can we make sure our company is secure? How do we optimize our budget? Let’s talk.

Define what will need to be accessed by employees within the LAN.

Step 1: What and How are employees accessing work data since COVID-19?

Let’s review what will need to be accessed by employees. Commonly, file servers are still used by many small to mid-sized businesses for their low cost and easy management. While this is ideal when employees are onsite, you are now over utilizing your firewall with VPN and slowing transmission speeds from your users downloading and constantly accessing large files. Solutions such as Egnyte, Dropbox and SharePoint can offload your data to a secure cloud while retaining IT security and disaster management over the files.

Next, you have applications on local servers. Consider VDI or Remote Desktop to minimize access. By using VDI, we can narrow down VPN access to one entry point and control the traffic. VDI will also give you the ability to increase resources to the backend of the infrastructure to, you guessed it, improve your user experience!

The key to success here is to keep thinking, constantly review your environment. What do your users need access to? Ask why. Shutdown, remove or lockdown the areas that will not need to be accessed remotely.

Decide what applications can be moved to a cloud environment.

Step 2: Did COVID-19 strengthen our move to the cloud?

Can we offload old applications? How many times are we hanging onto legacy apps or databases for no reason other than lack of time or the disruption to users? Well now disruption is everyday! Now is the time to review these systems. Is there a better cloud app out there? In most cases, a couple minutes of “Googling” lands you a solution someone with the same problem decided to fix and sell.

Selling these applications to the CEO can be easy. Remind him how Joe spends 3 hours each day connecting to VPN, opening an SRSS report, running a report, exporting to CSV, formatting, and saving to PDF only to email it to 30 colleagues. This new app automatically emails the report every morning and there’s a mobile app! Sold! Another server decommissioned and more users off VPN.

Spend the time to understand what your users need to be successful. Use this knowledge to present new solutions.

Review your security and device management. Do you still have the same control?

Step 3: Review security and management since COVID-19

Are you still in control? How are you handling group policies and windows patching? The traditional SCCM build isn’t going to work if no one is connecting to VPN. Consider solutions such as Azure Admin Center, Datto, PolicyPAK, ManageEngine or VMware Workspace One. All provide many tools to help with RMM, group policies, software installs and windows patching for your remote users.

What can you reduce or remove from your internal network which is no longer useful?

Step 4: Reduce from COVID-19

Identify areas of your network that are no longer used. We’ve just looked at areas where you will need to spend money to improve the experience of your employees and also to keep them secure. Now we need to identify where we can reduce cost.

Look at your circuits, do you have empty offices or servers with less applications that can be combined. Review the use of your PRIs and VOIP platform. Finding areas to reduce cost and using that budget to optimize your infrastructure with new technology is proof of a successful IT professional.

Speak with your CEO. Understand the long-term vision

Wrap up

Key to any changes you make, is to be aligned with your company. Speak with the President, CEO or board. Understand the needs and direction they plan to take long term. Your agility to adapt to their vision will solidify the success of your department.

Additional reading can be found here https://www.cio.com/article/3545534/sharp-it-budget-cuts-expected-in-wake-of-covid-19.html.

Everound has been successfully engaging and supporting businesses to adapt to this new era of remote workers. From every facet of a company’s IT, we can assist, from employee experience to data center to cybersecurity and much more. If you need assistance transitioning your company to a work from home environment, we can help. Contact us today using the contact form below or by calling us at +1 717.312.5890!