
Could BYOD Spell Disaster for Government Suppliers?

BYOD (Bring Your Own Device) is coming

The rapid expansion of workers using their own laptops, smartphones and tablets for work purposes, otherwise known as bring your own device (BYOD), may be putting Government contracts at risk. Whilst companies that supply the Government are well within their rights to accept risks to their own information and services, they are not at liberty to take the same risks with information owned by the Government or services provided to the Government under some form of service level agreement.

Employees are ignoring corporate policy

Even when companies have addressed the BYOD phenomenon by putting policies in place about what workers can and cannot do on these devices, the chances are that they are largely ignored.

A recent survey (Fortinet – June 2012) of nearly 4,000 workers in their twenties revealed that although 42% recognised the risks of data loss and malicious threats, a third of respondents were still willing to bypass corporate security policies and controls and use their devices anyway.

When considered alongside the recent Ascentor survey (Meet the Information Saboteurs – aka, your employees) that indicated that more than half of the employees surveyed would deliberately use information to sabotage their employer's company, the real risks of BYOD become sharply focussed.

6 steps to manage BYOD information risks

Although all companies should be doing something to address these information risks, those involved in Government contracts need to rely on more than just policies and procedures if they are going to keep their contracts and their reputation intact. They need to ensure that the information is protected so that it cannot be remotely accessed by any unauthorised device, no matter who owns it.

Government suppliers need to take steps now to address the risks associated with BYOD:

  1. Produce a BYOD policy that makes it clear that access to Government information or services is not allowed from personally owned devices;
  2. Communicate the policy widely and back it up in training sessions and team management meetings;
  3. Store Government information in trusted environments that have robust technical controls in place to restrict access to only authorised personnel and from authorised devices;
  4. Conduct internal network monitoring to provide assurance that information and services are not being put at risk either from direct access or from malicious threats;
  5. Review the company BYOD policy with the Government authority to ensure that it meets any contract requirements;
  6. Update government risk assessments associated with the provision of a service so that BYOD risks are addressed and countermeasures are put in place.

Or else…

Above all, Government suppliers must not ignore the situation. Loss of Government information and/or the interruption to a Government-provided service through a failure to deal with the expansion of BYOD may have serious consequences including:

  • Loss of contract;
  • Damage to reputation;
  • Expulsion from framework agreements;
  • Financial penalties including up to £0.5m from the Information Commissioner's Office for loss of personal data;
  • Potential for legal action.

Next steps

BYOD is not just a fad; it is an inevitability. People are becoming more and more attached to their own individual devices and are far more effective when allowed to work their own way. This is good news for businesses that embrace BYOD, but they must do so with their eyes open and not take undue risk with their own information or that of their partners and customers. The key is to follow good information risk management practice.

Article by Paddy Keating, Director/Government Service Manager at Ascentor.
