The National Cyber Security Centre (NCSC) has warned organisations to consider security issues when allowing staff to use their own devices for work.

In an updated guidance, the UK’s National Cyber Security Centre (NCSC) has urged organisations to review and re-plan any BYOD strategies that were rapidly implemented during the pandemic, citing increasing cyber-risk.

With the rapid shift to remote working during the beginning of the pandemic, employees turned to using their own personal devices. However, threat actors took advantage of this and targeted vulnerabilities and misconfigurations in their devices and home networks. 

Senior platforms researcher Luna R commented in an accompanying blogpost: ”You cannot do all your organisation’s functions security with just BYOD, no matter how well your solution may be configured. If you’ve given BYOD users admin access to company resources, revoke that access immediately, then come back.”

The guidance works through five actions that will aid organisations in choosing and implementing the right BYOD solution:

  • Action 1: Determing your objectives, user needs and risks
  • Action 2: Develop the policy
  • Action 3: Understand additional costs and implications
  • Action 4: Deployment approaches
  • Action 5: Put technical controls in place