Should Employees Use Personal Devices For Work? Easy Answer
Most employers are dealing with an expanding range of technology issues. Everything from budgets and cybersecurity to remote workers. In this article we give you a definitive answer to a common question. And you don't have to read the entire article to get the answer!
Should you allow employees to use their personal computers and/or phones for work?
No for computers. Maybe for phones.
Read below for some reasons why we say this.
Do you allow employees to use their own computers?
Why you shouldn't let employees use personal computers for work
When I asked Kosh's in-house cyber security expert, I got a quick and definitive "no". He said there're too many security, privacy, and liability issues that it's just not worth it. Some businesses think they're saving money by not having to buy computers for their employees, but the risks definitely outweigh any savings.
The cost of a basic business-grade workstation is about $1,700 and for a laptop with extended warranties is about $2,100. According to IBM the average cost of a data breach in the United States is about $9.44 million! And for the healthcare sector it is even higher at $10.10 million. The math is pretty easy to work out.
Security problems with personal computers
Here are some of the security issues that come with allowing employees to use their own computers.
You never know who else has access to their computer. Their computer might be shared with family members, and you definitely don't know what they're doing on the computer. Remember, this computer has your company's data on it, and it's now very exposed to viruses and malware.
Typically, personal computers don’t run premium anti-virus software. If they have anti-virus software, is it up to date? Is it robust enough to protect corporate data? Is it always running, or do they turn it off sometimes? Too many questions that you won't have the answers to!
Is other software updated on a routine schedule? Probably not. What about updates and patches to business software, is that being maintained? Probably not without having access to their computer to run the patches and update for them.
How are their passwords stored on their computer? Do they just have the passwords in a word doc? Are they using complex passwords? You would have to install password requirements to force the employee to comply.
There are way too many security holes when staff use their personal computers for work and that's why it's an easy "no". There're measures you can take to mitigate the risks the questions above pose, but it's far easier and more secure to issue a computer to your staff.
Kosh offers a free (no sales call) cybersecurity quiz that evaluates your staff's cyber awareness. Simply click below to fill out the form and we will get started.
Encryption as a security measure
Briefly, encryption is a way to protect your data if the physical machine is stolen. It can be difficult to enforce encryption on every computer if every computer working with your company data is different. Once again, the way to solve this issue is to buy computers for your staff.
The legal headaches of letting staff use their own computer
I feel like I'll convince about 99% of decision makers that purchasing computers for staff is the way to go if I just make the case that it will eliminate, or at least decrease the likely hood, of certain legal issues. A couple legal issues are:
Setting privacy expectations and more importantly guaranteeing that your staff and company are able to comply with these expectations. How can you assure employees that you can only see data related to the company? Does the company potentially have access to private personal data?
What happens when a personal computer used for business breaks? What if the employee spilled water on their computer? Who is responsible for buying a new one? So, there's the expense of the computer to consider and then the expense of having that employee down for a certain amount of time. Headache.
What happens to the data when the employee leaves the company? Do you have the legal right to remove company data from their computer? What if the former employee doesn't want to give you access to their computer? How will you enforce this? Once again, a lot of questions with difficult decisions that could be eliminated by simply purchasing a company computer in the first place.
What happens when the employee's computer