Employees who are mediums of transactional information within and outside the organization are the main end-users of a company’s private network. The pandemic surely introduced a complication with how IT personnel manage this practically impermeable virtual barrier. Over a year now, a company employee would be lying if he says he hasn’t used or at least considered using his personally-owned gadgets in the performance of his duties.
Most often, the use of personal gadgets for work is unavoidable. No matter how the management reinforces the policy of their non-use and how strictly employees would want to follow, there come circumstances like fieldwork that inevitably push them to deviate. Examples of these rule-bending practices include plugging in USB flash drives to unofficial devices or transferring pertinent documents such as photos from one’s smartphone to his company-issued laptop to attach in his presentation.
Short-sighted as it may seem, the intermingling official from non-official equipment by employees has been exacerbated in recent times. This is mostly due to remote working arrangements wherein, rather than going all the way to the office to request any necessary gadget, employees would rather use what’s available at hand. In exchange for such convenience are often the following pitfalls on the part of the company’s data security:
A device that is connected to an unsecured network, either an unencrypted home network or a free public one like those offered in cafes and airports, are vulnerable gateways to malicious hackers. When an employee accesses company email and files through a smartphone app while he’s connected to an unsecured Wi-Fi network, a hacker could easily creep into information such as those provided in email signatures and file attachments. Not as well-known but still widely done is hacking Wi-Fi-enabled printers.
It is, therefore, imperative to practice caution and minimizes online correspondence whenever connected to unsecured networks or add encrypting features to your home’s Wi-Fi network. Printers could likewise be configured to have a multi-factor authentication and to not allow printing from anywhere. On the other hand, the company should provide secure VPN access to its staff to not expose their online whereabouts to intruders.
A personal computer could be equipped with anti-malware software, but still could find itself glitching at times. You see, this software doesn’t provide absolute protection, and so plugging in a contaminated portable device even for a few seconds is sometimes enough to block an employee’s access to company-exclusive dashboards having detected the device as a threat.
If a portable drive contains pertinent files and happens to be penetrated by some malware, it could render these files inaccessible or even gone. With these imminent risks, an employee should make it a point to regularly create backup copies of important files in his office PC and reformat drives to keep them running.
Lack of Software Updates
One thing that sets official from non-official devices is that official ones are calibrated by the company’s IT team and are kept within their monitoring radar. That said, any threats are reported to them in real-time. On the other hand, they could deliberately install software upgrades if they saw the need. If recent WFH arrangements prove these necessary updates to be overwhelming for IT staff, the company could consider outsourcing cybersecurity services.
On the contrary, non-official gadgets that do not necessarily house the latest versions of the software are more susceptible to getting hacked. And, because the non-use of personal gadgets cannot be imposed especially at the moment, it is best that employees be regularly trained on security risks different devices are exposed to and how to wisely navigate online portals when working.
The worst that could happen is when a personal device is lost in a public space or is stolen. Or, a housemate could intentionally or unintentionally access your files while you are away and you left your device unlocked. Before any of these happen, it is best to activate your device’s auto-lock features. In addition, you could use unique passwords for every device or update each of them from time to time.
Whether to overtly allow the use of personal devices for work or not is still subject to extensive discussion. But, more sophisticated benefits such as multitasking and seamless data transfer features, like that of a digital notepad for instance, which aren’t necessarily available for the standard office desktop computer, should never be discounted. What is more feasible, for the time being at least, is revisiting IT-related company policies and seek for ways to arrive at a compromise to accommodate these otherwise productivity-enhancing devices.