Cyber Security: Bring Your Own Device

Key considerations for businesses.

Using a personal device, such as a personal non-work laptop, to carry out work-related activities is known as bring your own device (BYOD).  One of the reasons that a BYOD policy is so essential in the modern workplace is that employees bring their devices to your office whether you have the policy in place or not. In other words, your employees may be using their own laptops and smartphones with or without your permission. Around half of businesses (47%) say that staff in their organisation regularly do this. If you don’t have a policy in place, you’re just increasing security risks from them using insecure apps to transfer crucial data.

We’ve put together guidance on creating an effective and secure BYOD approach:

Create a BYOD policy

Ensure that personally-owned devices can only access the business data that you are willing to share with authorised staff.

Encourage staff agreement

Communicate your Bring Your Own Device policy through staff training so they understand their responsibilities when using personally-owned devices for work purposes.

Use technical controls

Container applications and technical services such as Mobile Device Management can help you remotely manage personally-owned devices, but they can impact the device’s usability.

Limit the information shared by devices

Staff are used to sharing their information with other users and in the cloud. The automated backup of device data to cloud-based accounts can lead to business data being divulged.

Plan for security incidents

When incidents occur, act quickly to limit losses. Could you remotely wipe sensitive data from a personally-owned device if it was lost or stolen?

Anticipate increased device support

Your services may need to be accessed by different types of devices, so ensure you have the IT support capability and expertise to manage a growing range of devices.

Consider alternative ownership models

Restricted devices may not appeal to some users, so consider giving staff a choice of approved devices that are purchased and controlled by your business.

Understand the legal issues

The legal responsibility for protecting other people’s personal information is with the data controller, not the device owner. It is also worth noting that any device which accesses company or customer data will be under the scope of Cyber Essentials.

If you would like any more information on protecting your business or becoming Cyber Essentials certified, please call our team on 0333 240 1824 (Option 1) or email us at

Related Posts

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this. Our Cookies Policy.