From the employee’s-eye view, sometimes a business network has a lot of apparently unnecessary protocols in place that make handling day-to-day activities difficult. Network slowdowns and access restrictions make it seem reasonable to circumvent network security just to get things done. This is even truer in the case of consultants, contractors, and other outside business people working in house, where doing the job requires using specific tools unique to the office’s network, but the contractor has to wait…and wait…in order to be set up for access through IT. With the advent of MiFi routers and the ability to turn smartphones into stand-alone wireless hubs, end users now have ways to work around the restrictive networks of their employers—but not without risk to the organization.
The tech-savvier that digital native employees become, the more the workplace will see these models of access, and the security risks surrounding them, cropping up. Your clients and their IT departments will be looking for solutions and policies to manage BYON (“bring your own network”) as things head in this direction, so understanding the following three recommendations will help you guide them to making the right choices.
1. If IT Doesn’t Know, Don’t Just Let It Go
There’s an obvious difference between sanctioned BYON and non-sanctioned BYON. If an IT department has signed off on the use of an outside Wi-Fi connection for getting around some less desirable quirks of a business network, that ideally means that the department understands the risks, is watching for potential problems, and has set things up so that the use of such networks doesn’t circumvent existing requirements for access or security.
On the other hand, if IT doesn’t know about the network, whether it’s consultants who don’t want to bother talking to IT about access or employees who want to use websites that the network blocks on the same computer they’re working from, it can cause problems. The IT department should be just as concerned with non-sanctioned BYON as it is with non-compliant device usage on business networks.
2. The Reasoning Behind BYON—A Deeper Look
Setting up a BYON network seems like a lot of work to go through in a world where people can just pick up their smartphones and handle their personal business through their phone provider’s Wi-Fi network while using the business network strictly for work. So why do people decide to use BYON? Because that’s how people are. They want to do things more conveniently, from one machine, without obstacles—perceived or real—in their way. BYON can provide the kind of speed and convenience—in doing work and in doing non-work tasks—that employees believe they should be getting from the business network.
And once a BYON network is set up, it can become an automatic go-to life hack: an off-the-books workaround that everyone uses and nobody thinks about. If, one day, everyone comes into the office and a co-worker shows them a way to get around a network slowdown by connecting to a different, BYON Wi-Fi network, they’ll do it—setting it as their preferred Wi-Fi network and leaving it. At that point, from the employee perspective, there’s no difference from going into work and hopping on the business Wi-Fi in the morning. They turn on the computer, and they’re connected. But from a security perspective, there are, of course, potential problems.
3. The Best Ways to Handle BYON
There are three important steps that an IT department can implement in order to manage BYON, bring it back into the fold of the enterprise’s network security, and prevent it from being a weak link leading to a cybersecurity event:
- Instituting security policies that pertain directly to BYON gives a business grounds to treat the use of such networks like any other breach of policy.
- If a BYON network is IT-approved, monitoring tools can be used in order to watch for private work-related data being moved, intentionally or unintentionally, from work-based tools out of the office over a BYON network.
- An IT department should also implement access control on such networks, so that even if consultants are using BYON as a way to make things easier, IT still authorizes every last person on the network.
How have you seen enterprises dealing with BYON networks?