The days of bringing your own device to work could be coming to an end

Security concerns are prompting a rethink of ‘bring your own device’ policies

While bringing your own device to work might be convenient, many enterprises look set to crack down on the practice, new research shows.

In a survey conducted by Kinly, more than half (52%) of enterprises said they are mulling a ban on personal devices at the office, with laptops, tablets, and webcams all set for the chopping block.

A key factor behind this crackdown is the rise of ‘Shadow AV’, according to Kinly, which is causing serious security concerns. Shadow AV refers to the use of unauthorized audio-visual equipment and personal tech in the workplace.

Much like the problem of ‘Shadow AI’ - the use of unauthorized AI tools at work - security pros have grown concerned about the prospect of personal tech slipping into the workplace unnoticed.

This is creating serious security ‘blind spots’, the study warned, that leave the organization and individual at risk.

Bring your own device (BYOD) policies have been around for a while, but the shift to hybrid working patterns in recent years means the practice has become untenable from a security perspective, according to Kinly.

More than half (57%) of respondents said it’s becoming harder than ever to secure devices used outside the office and on home networks, for example.

Similarly, over three-quarters (77%) of respondents said their in-office equipment is protected with strong encryption and security protocols, but that figure drops to around 66% for remote or personal setups.

As a result, 30% of organizations said securing personal devices and home-based AV equipment is now a top priority for 2025 and beyond.

What are the risks of BYOD?

BYOD policies aren’t inherently dangerous, but they do carry added risks, Kinly warned. Using devices at the office and at home could expose users - and the business - to serious cybersecurity threats.

Threat actors frequently view personal devices such as these as an ‘in’ when targeting potential victims.

Additionally, as these devices are used in both personal and professional settings, the lines become blurred when it comes to data protection and compliance. Kinly warned this could leave businesses vulnerable to potential GDPR violations and breaches under regulations such as NIS2.

Don Gibson, Chief Information Security Officer (CISO) at Kinly, warned that the use of unsecured devices is the “digital equivalent of leaving your front door wide open and hoping no one walks in”.

“They’re unmanaged, unmonitored, and opening up serious threats - from ransomware attacks to regulatory fines,” he added. “If you’re not treating all devices as part of your security perimeter, you’ve already lost control.”

Despite the growing risks faced by enterprises, Kinly warned many are failing to treat AV as part of their core security posture. If they wish to continue with BYOD policies, robust guardrails must be put in place.

“If businesses must allow personal devices on the network, the priorities should be visibility and control,” Gibson explained.

“That means enforcing role-based access, mandating encrypted collaboration tools, and providing regular employee training.”

Similarly, Gibson noted IT teams must play a key role in securely onboarding personal devices and enforcing clear compliance requirements and user accountability standards before granting access to corporate systems.

“Striking the right balance means evaluating risk against reward, because what works for one company, team or region won’t necessarily suit another,” he added.

Ross Kelly
News and Analysis Editor
