The Intersection of IoT and BYOD

By February 7, 2018 Cyber Liability

In a field of cyber ABCs, there are two crucial abbreviations everyone, especially business owners, should know: Internet of Things (IoT) and Bring Your Own Device (BYOD). Understanding what these terms mean and how they intersect one another can help you protect your business from cyber threats.

What is IoT?

The Internet of Things, commonly known as IoT, refers to the connection of ordinary devices to the Internet. What began with the network connection of computers and then spread to smartphones, has now seemingly taken over, linking everything from cars to appliances to medical devices to the larger cyber world. It’s innovative, to be sure, and allows us greater access to and expanded usage of a variety of equipment.

IoT has brought us refrigerators that can sync a phone sending notifications when the filter needs replacing or food is about to spoil. Wearable medical devices are now available to monitor vital signs, send medication reminders, and send data back to a health professional. Connected cars come equipped with GPS, the ability to locate the least expensive gas station, or play the driver’s favorite music via popular apps like Spotify.

What is BYOD?

Bring Your Own Device, or BYOD, refers to the trend for employers to allow or require employees to use their own phones, tablets, and laptops for both personal and professional purposes. All these connect to a variety of networks along the way. As individuals increasingly purchase their own smartphones and computer equipment for personal use, companies are finding less of a need to provide this hardware to employees.

Employers see several advantages from this approach. Employees are easily connected, even while at home, allowing them to work remotely when getting to the office is impractical or impossible. It can promote better work-life balance and innovation, as well as lower overhead for employers who would otherwise foot the bill for this technology.

So Where’s the Downside?

IoT and BYOD each have their own flaws amid a sea of perks. For example, these common household devices that are connected to the Internet can sometimes be a gateway for hackers into home and business networks. Security and privacy concerns continue to be addressed, but, like everything else, cyber criminals continue to seek ways to access networks and data. Users of these innovations may not even realize the security risks they’ve exposed themselves to until it’s too late.

If a home network is infiltrated by a hacker, all devices used on that network, can be compromised, including smartphones, tablets, and laptops, then imagine what happens when these devices are then brought to the office as part of a BYOD arrangement. These devices, once connected to the company network, may unwittingly allow a virus, spyware, or other malware into the organization’s internal network. Even organizations with robust protections on their own networks are vulnerable if a hacked device is able to connect.

What’s an Employer to Do?

It’s impossible for an employer to control the devices an employee chooses to have in their home or to keep tabs on the security of an employee’s Wi-Fi network. However, they can set clear requirements and expectations for how employees use and access company networks and resources. In addition, training employees on Internet best practices can help mitigate risk. If nothing else, an employer should have a BYOD policy in their handbook. Employees who understand how their actions outside of the organization can negatively impact the business are more likely to avoid exposing themselves and the company to cyber criminals.

All insurance policies are different. Be sure to review your insurance policy for specific information about coverages available to you. Nothing in this post is meant to suggest a guarantee of coverage.