Confident Response Series: Bring Your Own Device (BYOD)

BYOD – A PRACTICAL SOLUTION OR A RISK TOO FAR?

For our fourth Confident Response Series with Kroll last year, we had our speakers Gerallt Owen – Managing Director, Kroll Cyber Singapore, Bryan Tan – Partner, Pinsent Masons Singapore, and Jenny Zhuang – Of Counsel at Dentons Hong Kong, and Steve Tunstall - General Secretary at PARIMA, as moderator for a 45-minute session on the use of BYOD and how to navigate the risks associated with it.

Gerallt Owen introduced Bring Your Own Device (BYOD) as an "???????????????????????????? ???????????? ???????? ???????????? ?????????????????? ???? ?????? ?????????? ?????? ???????????????????? ?????????????? ???? ???????????? ?????? ????????????????????????'?? ??????????????????????, ?????????????????? ???????????????? ???????? ?????????????????? ???? ?????? ????????????????????????."

Due to COVID-19, many firms were able to implement business continuity plans to facilitate remote working as countries worldwide are increasingly embracing work-from-home culture. However, other businesses were unprepared for the fast-evolving situation and shift in the workforce. They were forced to find quick technology solutions to adapt and resorted to BYOD without realising the additional risks to the business and their employees.

Although the practice of BYOD is not new, the pandemic has catapulted BYOD as a significant force across the business landscape. The adoption of BYOD increases the organisation's exposure to malware, legal and regulatory risks, data theft, and data loss. It drives firms to establish administrative, physical, and technical measures to ensure robust protection.

?????? ???????????????????? ???? ?? ???????? ???????????? ???? ?????????? ?????????? ?????????????????? ?????????? ?????? ???????????????????? ??????????????????????????.?

According to Jenny Zhuang, "???????? ?????????????????? ???????? ???????? ???? ?????? ?????????????????????? ?? ???????? ????????????, ?????? ???????? ???????????????????? ?????? ???????????????? ???????????????? ???? ?????????? ???????? ?? ???????????????? ???????????? ????????????, ???? ?????? ?? ?????????????? ???????????? ???? ???????????????????? ?????? ???????????????????? ???????? ???? ?????? ???????? ???????????????????? ???? ?????? ?????????? ???? ???????????????? ?????????????? ?????? ?????????? ???? ??????????-?????????????? ?????? ???????????????? ????????????????."

From the employee's perspective, they need to understand that BYOD may allow an employer to have a limited but reasonable right to access their personal devices, along with proper communication and training.

In terms of obligations, Bryan Tan shared,?"???????? ?? ???????? ???????????? ?????????????? ???????????????? ???????? ???? ???????????????????? ???? ???? ???????????????????????? ???? ?????????? ?????? ??????????????, ???????? ?????????????? ???? ???? ???????????????? ???? ?????????? ?????????? ?????????? ??????????????.?This obligation is enforced albeit, with the increased financial penalty caps that have not been put in, it is still mandatory to notify of the breach."

Further, into the discussion, he emphasised the ?????????????????? ???? ?????????????????????? ???????????????????? ???? ???????? ?????????????????? ???????? ?? ?????????????????????? ???? ????????????, ?????????? ?????? ?????????????????????? ????????????????.?In allowing BYOD, organisations are responsible for protecting private information about employees, and any protective measures implemented by the organisations should also respect such personal information.?

Wrapping up the session, the speakers shared their key takeaways for risk managers to mitigate the risks that come with BYOD.

• The solution is to realise the importance of taking proper measures before any situation occurs. The key is to implement security systems to cover any potential risks.
• Risk managers should consider turning their attention to revamping policy issues and mitigating liability risks with good corporate governance.?
• Besides BYOD, ???????????? ?????????????? ???????????????? (??????) is another security risk most often overlooked by organisations. As risk managers, it is critical to ensure security in accessing remote desktops with virtual desktop and software solutions.

Access more of the sessions at www.parima.org/confident-response-series .

__________________________________________________________________________

The PARIMA ?????????????????? ???????????????? ???????????? aims to bring one session every quarter to help risk managers fine-tune their incident response preparedness and understand the latest tactics, techniques, and procedures from the most successful cybercriminals, leading to deeper collaboration with business partners and mitigation of technical, legal, and reputational risks.