When Your Employees Use Work-Issued Devices for Personal Reasons

by

March 27, 2020

As the Lines Between Work and Home Blur, Here’s How Smart Companies Are Handling Mobile Device Management

As companies come out of a global pandemic that kept their staff at home, most have realized the futility of crackdowns on employees using work issued devices for personal reasons. There’s just too many ways our personal and work lives blend over the course of the day.

But that doesn’t make the risk go away. The fact remains that employees are inadvertently the number one security risk your company faces, even when they are using work-issued devices appropriately. When you consider the added risks of employees browsing unsafe sites, clicking malicious links on personal emails, or following suspicious Facebook page links, it’s easy to see how these risks spiral out of control.

In this modern world we live in, employees need to practice safe internet protocols no matter what device they are using, whether it’s company issued or not. And the key to that is a healthy dose of prevention and education.

Key Strategy: Prevent Incursions with Mobile Device Management

When it comes to monitoring employees using mobile devices for personal reasons, the old tactics of shaming employees taking a break on Facebook won’t work. Most organizations trust their employees to flex their time to get their work done. But Mobile Device Management (MDM) software installed on all an employee’s devices can do a great deal to stop attacks in their tracks.

MDM programs offer a whole host of benefits, allowing your IT staffers to push software updates to mobile devices automatically, perform screen takeovers and remote maintenance, install two factor log-in authentication, and so much more. A solid MDM strategy can eliminate the lion’s share of security issues that come with employees using work-issued devices for personal reasons. If you want to take a deeper dive into what MDM strategy can do for your organization, check out our latest blog on the topic. And if you have cybersecurity insurance through a major carrier, keep in mind, they may drop your policy if you can’t demonstrate solid remote access security programs at your company.

Key Strategy: Give Every Employee Cybersecurity Awareness Training

Every employee who has access to your network, from the janitor to the CEO, needs to take a cybersecurity awareness training class. Better yet, regular training updates should be done every few months. Requiring video training with comprehension tests is a good start. Periodic drills help, too.

To be effective, covered topics will include email safety, understanding the spread of malware across the network, password security, and some common red flags of a malware infection.

In addition, your employees need to know what to do if they suspect they have been infected, from isolating their device to notifying the IT department.

Key Strategy: Draft an Acceptable Use Policy

Drafting an acceptable use policy is the key to outlining what your employees can do with work-issued devices, and what they are not permitted to do. It will cover employees using work-issued devices for personal reasons in depth.

Conversely, an acceptable use policy can also cover employees using personal devices for work. This policy can be drafted with your internal IT department or a trusted Managed Services Provider.

It’s important to have the employee physically sign two hard copies. One copy will be kept in the employee file, while the other will be given to the employee. If a breach should happen, this policy is a key factor in determining and limiting your business’ liability.

The Your Journey to a Remote Enabled Workforce

The workforce is becoming more mobile, and dispersed over more locations. Workers are finding more creative and flexible ways to get their work done. Keep your organization protected. Check our DIY Cybersecurity Checklist, today!

We're Integris. We're always working to empower people through technology.

Keep reading

How to Run Governance on Your Security Awareness Training Program

How to Run Governance on Your Security Awareness Training Program

Has your company decided to take the plunge, and start a regular schedule of monthly online security awareness trainings for your employees? Great! You’ve just taken a big step toward hardening your cybersecurity defenses. Now what? Chances are, you’ve purchased a...

What Can Cybersecurity Awareness Training Do for My Company?

What Can Cybersecurity Awareness Training Do for My Company?

Global spending on employee cybersecurity awareness training is predicted to exceed $10 billion USD by 2027, up from around $5.6 billion USD in 2023, according to the latest estimates from Cybersecurity Ventures. Why? Because more companies than ever are realizing...

Third Party Vendor Risk Management: A Guide for Law Firms

Third Party Vendor Risk Management: A Guide for Law Firms

You've bought the cybersecurity tools your MSP recommended to manage your cybersecurity. You use a permission-based platform to transfer client files back and forth. Your firm should be covered for data breaches, especially third-party vendor risk, right? Tell that to...