The bring-your-own-device (BYOD) workplace, on its surface, seems like an unbeatable deal: have your employees use devices they already have to do their work. No more shelling out for phones, laptops, desktop computers, and tablets. Simply give employees access to your business's network and that's that.
BYOD has become the norm in modern workplaces, but that's not necessarily an indication of its success. Sure, you'll save thousands of dollars on electronic equipment, but at what cost? In many cases, the price you pay for BYOD can be measured in data breaches, which are significantly more than what you would have spent issuing employees work gear.
But don't take our word for it. Here are some stats that may make you think twice about having employees work on their personal devices instead of providing business computers.
40% of BYOD users have no security measures.
An Advisen report on a Millward Brown study states about 40 percent of BYOD users don't have any security measures in place to prevent unauthorized access to their phones and tablets. In fact, not even half of those users have a complex password to protect the device.
That's quite a risk considering most BYOD employees store business information on these personal devices. If someone steals their smartphone, the thief could easily access all your privileged business information and sensitive client data.
33% of workplaces don't have a BYOD policy.
According to Gartner researchers, more than 25 percent of organizations require employees to use their personal devices for work. However, only 15 percent of those surveyed were instructed to follow to a BYOD policy. More shocking: about 33 percent said their business has no formal BYOD policy in place at all.
Why is that such a big deal? When employees aren't sure about what they can and can't store on their personal devices or how to safely access the business network, they have to guess. Oftentimes, those guesses lead to inadvertent risks.
For example, say an employee has your business information stored on their personal laptop and they connect to an unsecured Wi-Fi network. If they haven't turned off their sharing settings, anyone could potentially access their files – it wouldn't even take a savvy hacker to pilfer the goods.
69% of businesses reported at least one hacking incident in the last year.
You read that right: according to a study by The Hartford Steam Boiler Inspection and Insurance Company (HSB), the majority of businesses experienced at least one breach last year – many even had more than one!
You might try to assuage your fears by thinking those hits only happen to big businesses, but you'd be wrong. Of those surveyed for the HSB study, 37 percent were mid-sized and small businesses. To make matters worse, 71 percent of cyber attacks take aim at small businesses precisely because they are small. The logic is that these targets don't have the fancy security measures that big companies do, giving the attack a better chance at success.
$8,700 = Average cost of a data breach for a small business.
Say your employee's unsecured device is stolen or hacked and your business records are exposed. Is it really that expensive?
The 2013 National Small Business Association survey [PDF] gives small businesses a ballpark figure: if you get breached, expect to lose around $8,700 right out of the gate. If your bank account is compromised, expect hackers to steal an average of $6,927 – and your bank doesn't have to reimburse you for that loss, either.
96% of customers don't trust retailers with their data.
The cyber security firm Fortinet conducted a survey to gauge how data breaches affect consumer attitudes. The results were pretty predictable: consumers are losing faith that their data is safe with businesses.
Most telling is their abject distrust of retailers, with only four percent reporting that they feel their data is safe with these entities. Not even healthcare professionals elicit a much better response – only 31 percent trust their doctors to protect their records. (More on that here: "Uh-Oh: Customers Don't Trust Businesses When it Comes to Data Security.")
But what does that mistrust mean as far as your business is concerned? According to a survey by the cloud security firm HyTrust, it translates into lost sales if you ever suffer a data breach. Over 50 percent of respondents said they would take their business elsewhere if their personal information was exposed.
Again, if you operate a BYOD workplace without enforceable security measures, the likelihood of your business experiencing a breach climbs exponentially, which means your reputation and revenue are on the line.
Secure BYOD programs are an investment, too.
It's a big security mistake to have a BYOD workplace with no formal policy. But creating that policy may require a lawyer's help, and according to Rocket Lawyer, the national average for an attorney's going rate is about $284 per hour.
And that's only the beginning. A safe BYOD program means you will also need to implement security controls and enforce the policy, both of which require time and money. Not to mention, it's difficult to police what employees do on their personal devices.
While it may seem like too much of an outlay to drop $1k on a laptop for employees, BYOD programs have the potential to be even more costly once you factor in the potential loss of customer trust and data breach recovery expenses.
Regardless of what you ultimately decide to do, be sure cyber security remains at the forefront of your plan, and consider carrying Cyber Liability Insurance to cover data breach expenses.