Cybersecurity: How to Reduce the Risks of Personal Devices

Personal Devices at Work Lead to Cybersecurity Risks

As mobile devices create ever-increasing opportunities for connectivity, the lines between professional and personal use are becoming blurred. Overworked professionals are trying to boost productivity any way they can, leading nearly 60 percent of employees to access company data on their mobile devices. And businesses equally hungry for efficiency are responding with bring-your-own-device (BYOD) programs.

One survey found that nine in 10 organizations permit employees to use personal devices for work, while another discovered that 82 percent of businesses have some kind of BYOD plan in place.

It doesn’t help that the surge in BYOD-friendly workplaces coincides with an explosion in corporate hacking. More than eight in 10 organizations suffered a data loss incident in 2015, compared to 41 percent in 2013.

Overall, cyberattacks increased by 176 percent in the past five years, with an average of 138 successful strikes per week. The total cost of cybercrime to organizations around the globe adds up to a staggering $100 billion per year.

Risks of BYOD and Mobile

Keeping corporate information secure on employees’ personal devices isn’t easy – in fact, it’s the second biggest challenge IT providers face. More than 70 percent of top IT decision makers view mobile devices as a significant security risk to organizations.

The more devices you have on your network, the more vulnerable you are. For example, if you have more than 2,000 devices connecting, there’s a 50 percent chance at least six of them are infected with malware.

Sadly, only 56 percent of IT leaders feel confident that their organizations understand the risks of using mobile devices. These include (but aren’t limited to):

  • App-related vulnerabilities. Downloaded tools – such as apps – create weak spots in cybersecurity that can open the device to hacking.
  • Lack of password protection. Fewer than half of all mobile device owners protect their devices with passwords or PINs, and fewer than a third use any kind of antivirus software.
  • Lost or stolen devices. In 2013 alone, 4.5 million smartphones were stolen or lost in the United States.

Cybersecurity Training for Employees

So what can businesses do about these threats? A BYOD policy crafted to minimize your company’s risk is a necessary first step. Raising awareness about cybersecurity among employees is also vital. While these are important steps, it’s important not to stop there.

Here’s an unpleasant truth: Employees who lack sufficient training will break the rules even if they know it could harm your business.

Consider the behavior of federal employees, half of whom access government email and documents from their personal mobile devices, researchers found. Although 60 percent realize they’re creating a cybersecurity risk for their agency, 85 percent of those employees do it anyway. Among agencies that prohibit using personal devices for work, 40 percent of workers ignore the rules.

It would be folly to assume your employees aren’t doing the same thing. That’s why it’s crucial to engage employees with high-quality data security training.

Training employees on data security during onboarding – and even following up with annual training – isn’t enough. To be effective, cybersecurity needs to become part of the corporate culture. Regular testing with simulated security events, for example, allows managers to identify those who pose the greatest risk to the organization and provide remedial training.


While there’s no way to eliminate the potential hazards of BYOD and mobile devices, the right policies and training can help transform your workforce from a cybersecurity threat to your first line of defense against mobile data theft.