Research Hub > Top 3 Risks of BYOD Policies for Higher Education

September 19, 2023

Article
3 min

Top 3 Risks of BYOD Policies for Higher Education

Higher education institutions must be ready for the risks that BYOD policies create.

The recent pandemic and the evolution of technology made us think outside of the box in terms of where and how we work; we no longer imagine an office or a cubicle as the only option. Tablets, smartphones and laptops allow us to work from anywhere at any time. Personal devices make it easier to enable a modern workforce, however, they also create risks that can make any organization vulnerable to additional security threats.

Private and public organizations both contend with cyberattacks, ransomware and other threats to their IT systems. But, the way they must fend off these attacks is where they differ greatly.

Private organizations often have more budget, staff and resources than public institutions to handle mobile device security. This makes it much easier to devise, implement and enforce secure bring-your-own-device (BYOD) policies.

Public institutions do not have the same latitude as private organizations and that creates unique challenges. One of these challenges is in providing mobility to their staff.

Some higher education institutions have opted to allow not only their students but also their staff to bring their own devices to enable mobile work. While this may have positive effects on flexibility, morale and effective modern teaching techniques, allowing staff to bring their own devices carries risk that can adversely affect IT systems.

Top 3 BYOD Risks That Can Weaken Your IT Infrastructure

Higher education institutions have a vast amount of sensitive data stored in their system. Without proper security for these personal devices,the door is open for hackers to walk in and steal information.

Preventing a mobile device breach is critical in the modern workplace. Half the battle is knowing what threats you’re up against. Here are some of the ways a breach could happen:

1.  Password Issues: A weak password puts your IT system in danger, making it susceptible to a cyberattack. Attackers can gain access to your domain and traversal access of systems that are associated with an account. Training and processes for members of your institution that encourage a strong password that is complex and long is crucial.

Multifactor authenticator (MFA) is a great tool to help with password issues as well. MFA adds an extra layer of protection on devices outside organizational control. You can also employ a password manager and train employees to use it as a safer alternative to writing down and/or misplacing passwords.

2. Network Segmentation: Weakened network segmentation can allow anyone to enter your network from any device. Your network must be properly divided between a staff member’s access and a student’s access. There can be less control with mobile devices, but it is still easier to manage staff members’ access than the devices students use to log in into the network.

3. Control of the Mobile Device: – If staff bring their own devices without an institution’s required mobile device management (MDM) it allows for little to no control over the device. Employer-provided devices that have an MDM installation have added security that can be wiped if the device is lost or stolen.

Personal devices do not have this added security because employers do not always provide an MDM installation. Due to this lack of control over personal devices, you could be more susceptible to a cyberattack that puts their sensitive information at risk.

Mobile devices can provide tremendous benefits to modern life, but the challenges that they create in the public and private sectors are not insignificant. A lot of thought must be given to the way they are incorporated into an institution’s IT system.

CDW•G is here to help. We can provide you with a deep dive assessment to help you find the needs of your organization. Our dedicated experts with decades of experience are ready to help you find the right solution or service for your institution.


Brandon Lester

Consultant
Brandon Lester has been working with CDW’s Offensive Security Team since 2022. He has conducted thorough penetration tests against a variety of private business as well as government organizations. He has also worked with organizations in the healthcare industry as well as state and local government agencies.

Corey Hetzel

Practice Manager
Corey Hetzel has been with CDW for 15 years. He began as a network engineer and has moved through several leadership roles over the years. He has more than 25 years of experience and has lead the Offensive Security Team at CDW since 2020.