When Your Employees Use Work-Issued Devices for Personal Reasons


March 27, 2020

As the Lines Between Work and Home Blur, Here’s How Smart Companies Are Handling Mobile Device Management

As companies come out of a global pandemic that kept their staff at home, most have realized the futility of crackdowns on employees using work issued devices for personal reasons. There’s just too many ways our personal and work lives blend over the course of the day.

But that doesn’t make the risk go away. The fact remains that employees are inadvertently the number one security risk your company faces, even when they are using work-issued devices appropriately. When you consider the added risks of employees browsing unsafe sites, clicking malicious links on personal emails, or following suspicious Facebook page links, it’s easy to see how these risks spiral out of control.

In this modern world we live in, employees need to practice safe internet protocols no matter what device they are using, whether it’s company issued or not. And the key to that is a healthy dose of prevention and education.

Key Strategy: Prevent Incursions with Mobile Device Management

When it comes to monitoring employees using mobile devices for personal reasons, the old tactics of shaming employees taking a break on Facebook won’t work. Most organizations trust their employees to flex their time to get their work done. But Mobile Device Management (MDM) software installed on all an employee’s devices can do a great deal to stop attacks in their tracks.

MDM programs offer a whole host of benefits, allowing your IT staffers to push software updates to mobile devices automatically, perform screen takeovers and remote maintenance, install two factor log-in authentication, and so much more. A solid MDM strategy can eliminate the lion’s share of security issues that come with employees using work-issued devices for personal reasons. If you want to take a deeper dive into what MDM strategy can do for your organization, check out our latest blog on the topic. And if you have cybersecurity insurance through a major carrier, keep in mind, they may drop your policy if you can’t demonstrate solid remote access security programs at your company.

Key Strategy: Give Every Employee Cybersecurity Awareness Training

Every employee who has access to your network, from the janitor to the CEO, needs to take a cybersecurity awareness training class. Better yet, regular training updates should be done every few months. Requiring video training with comprehension tests is a good start. Periodic drills help, too.

To be effective, covered topics will include email safety, understanding the spread of malware across the network, password security, and some common red flags of a malware infection.

In addition, your employees need to know what to do if they suspect they have been infected, from isolating their device to notifying the IT department.

Key Strategy: Draft an Acceptable Use Policy

Drafting an acceptable use policy is the key to outlining what your employees can do with work-issued devices, and what they are not permitted to do. It will cover employees using work-issued devices for personal reasons in depth.

Conversely, an acceptable use policy can also cover employees using personal devices for work. This policy can be drafted with your internal IT department or a trusted Managed Services Provider.

It’s important to have the employee physically sign two hard copies. One copy will be kept in the employee file, while the other will be given to the employee. If a breach should happen, this policy is a key factor in determining and limiting your business’ liability.

The Your Journey to a Remote Enabled Workforce

The workforce is becoming more mobile, and dispersed over more locations. Workers are finding more creative and flexible ways to get their work done. Keep your organization protected. Check our DIY Cybersecurity Checklist, today!

We're Integris. We're always working to empower people through technology.

Keep reading

vCIO vs. vCISO: What’s The Difference? 

vCIO vs. vCISO: What’s The Difference? 

Managing your IT operations is a big job, especially if you're a small or mid-sized company without the resources to hire a full internal IT staff. In these cases, most companies hire a managed IT service provider to fill the gaps. Yet, knowing who to hire and what...

Retainers for vCIOs and vCISOs: A Comprehensive Guide

Retainers for vCIOs and vCISOs: A Comprehensive Guide

If you're running an IT department at a small to mid-size company, you know— the demands on your infrastructure are greater than ever. Cyber threats are growing at an alarming pace, primarily fueled by the accessibility of AI to hackers. Cloud productivity, system...