BYOD and Cyber Essentials security: how certification protects your business
#BeCyberSmart

BYOD and Cyber Essentials security: how certification protects your business

You’ve probably heard the phrase BYOD before. ‘Bring Your Own Device” has been the darling of business and technology journalists for much of the last decade. And BYOD really is more than just hot air and hyperbole. For SMEs, it has the potential to change the way we approach procurement and resourcing forever.

Back in 2018, research estimated that BYOD adoption in the UK had reached 45% of UK businesses. However, that was before the pandemic and the dramatic increase in remote working. While current estimates vary, most indicate that between 70% and 80% of businesses now have some kind of BYOD scheme.

BYOD gives employees the option to use their own devices for work. And, as with any device that connects to your network and has access to business information, these devices fall within the scope of Cyber Essentials certification.


Access Now

BYOD cybersecurity risks

Employees using their own devices to access company networks and data presents various problems. Personal devices typically have less effective security measures than those configured and owned by businesses, and employees are less likely to follow strict security protocols on their own devices. There’s plenty of evidence to suggest we engage in riskier behaviour when using our personal laptops and phones.

Even if an employee only uses their personal smartphone, tablet, or laptop to check their emails at the weekend, or do some after-hours work at home, they’re still subject to Cyber Essentials’ BYOD requirements. 

It’s vital that employees follow the core principles of Cyber Essentials every time they use a device for work, whether personal or provided by the company. At a minimum, they must ensure that:

What if you don’t have a formal BYOD policy? 

Even if your business doesn’t have a formal BYOD policy, it’s still important to guard against the threat posed by personal devices. For example, to ensure we’re not giving cybercriminals a backdoor into our business, we ask employees to install the CyberSmart Active Protect app on any device they might use to access work.

Active Protect constantly checks devices to ensure they comply with Cyber Essentials BYOD requirements, and flags any problems to the company, and the user. This means that however your staff choose to work, you know they’re doing it safely. 

Cyber Essentials and BYOD: why it matters

Cyber Essentials is the UK government scheme that covers the fundamentals of cyber hygiene for all types of business. It’s also a requirement for some government contracts. Cyber Essentials helps you to protect your organisation against the most common cyber attacks, whatever devices your employees are using. 

Cyber Essentials BYOD requirements may vary, but overall, they cover five technical controls:

Following the Cyber Essentials advice for each of these controls will help you to avoid:

  • Phishing attacks
  • Malware
  • Ransomware
  • Password-guessing
  • Network attacks

Becoming Cyber Essentials-certified

Cyber Essentials certification shows that your business is using the five technical controls, and assures your current and future customers that you have a proactive and professional approach to cybersecurity. CyberSmart is the UK’s leading Cyber Essentials certification body – contact us to find out more about Cyber Essentials accreditation.


To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics