When Your Employees Use Work-Issued Devices for Personal Reasons

by

March 27, 2020

As the Lines Between Work and Home Blur, Here’s How Smart Companies Are Handling Mobile Device Management

As companies come out of a global pandemic that kept their staff at home, most have realized the futility of crackdowns on employees using work issued devices for personal reasons. There’s just too many ways our personal and work lives blend over the course of the day.

But that doesn’t make the risk go away. The fact remains that employees are inadvertently the number one security risk your company faces, even when they are using work-issued devices appropriately. When you consider the added risks of employees browsing unsafe sites, clicking malicious links on personal emails, or following suspicious Facebook page links, it’s easy to see how these risks spiral out of control.

In this modern world we live in, employees need to practice safe internet protocols no matter what device they are using, whether it’s company issued or not. And the key to that is a healthy dose of prevention and education.

Key Strategy: Prevent Incursions with Mobile Device Management

When it comes to monitoring employees using mobile devices for personal reasons, the old tactics of shaming employees taking a break on Facebook won’t work. Most organizations trust their employees to flex their time to get their work done. But Mobile Device Management (MDM) software installed on all an employee’s devices can do a great deal to stop attacks in their tracks.

MDM programs offer a whole host of benefits, allowing your IT staffers to push software updates to mobile devices automatically, perform screen takeovers and remote maintenance, install two factor log-in authentication, and so much more. A solid MDM strategy can eliminate the lion’s share of security issues that come with employees using work-issued devices for personal reasons. If you want to take a deeper dive into what MDM strategy can do for your organization, check out our latest blog on the topic. And if you have cybersecurity insurance through a major carrier, keep in mind, they may drop your policy if you can’t demonstrate solid remote access security programs at your company.

Key Strategy: Give Every Employee Cybersecurity Awareness Training

Every employee who has access to your network, from the janitor to the CEO, needs to take a cybersecurity awareness training class. Better yet, regular training updates should be done every few months. Requiring video training with comprehension tests is a good start. Periodic drills help, too.

To be effective, covered topics will include email safety, understanding the spread of malware across the network, password security, and some common red flags of a malware infection.

In addition, your employees need to know what to do if they suspect they have been infected, from isolating their device to notifying the IT department.

Key Strategy: Draft an Acceptable Use Policy

Drafting an acceptable use policy is the key to outlining what your employees can do with work-issued devices, and what they are not permitted to do. It will cover employees using work-issued devices for personal reasons in depth.

Conversely, an acceptable use policy can also cover employees using personal devices for work. This policy can be drafted with your internal IT department or a trusted Managed Services Provider.

It’s important to have the employee physically sign two hard copies. One copy will be kept in the employee file, while the other will be given to the employee. If a breach should happen, this policy is a key factor in determining and limiting your business’ liability.

The Your Journey to a Remote Enabled Workforce

The workforce is becoming more mobile, and dispersed over more locations. Workers are finding more creative and flexible ways to get their work done. Keep your organization protected. Check our DIY Cybersecurity Checklist, today!

We're Integris. We're always working to empower people through technology.

Keep reading

4 Cybersecurity Takeaways from China’s Largest Data Breach

4 Cybersecurity Takeaways from China’s Largest Data Breach

Cybersecurity drama strikes again as human error leads to China's biggest data breach and perhaps the most significant hack of personal information in history. According to Threat Post, the incident was triggered after a Chinese government software developer wrote a...

Social Engineering Hacks—Are They a Bigger Threat than Ransomware?

Social Engineering Hacks—Are They a Bigger Threat than Ransomware?

We're making a dent in hacking. Cybersecurity tools are better, and employee security training is better too. The emergence of the cloud means that hacker delights like uninstalled security patches happen far less. Now that most companies are backing up and operating...

The Business Impact of the AGCO Ransomware Attack

The Business Impact of the AGCO Ransomware Attack

On May 6, 2022, global agricultural equipment manufacturer and distributor AGCO announced they were victims of a ransomware attack. The cyber assault hit some of their production facilities on May 5. Restoring operations to normal will take several or more days. While...