Skip to content

12 challenges facing bring your own device (BYOD) policies

Meredith Kreisa headshot
Meredith Kreisa|Updated May 21, 2024
Security Article Background
Security Article Background

Bring your own device (BYOD) is a mixed blessing. On the one hand, it can improve the company’s morale and cost savings. On the other, it brings with it a whole host of potential problems. Knowing what BYOD challenges you may face can help you tackle them head-on and increase the effectiveness of your BYOD program. 

According to one study by Cybersecurity Insiders, 82% of organizations allow BYOD to some extent. However, in the rush to adapt to this new era, companies often overlook critical factors. We’ll lay out the common BYOD risks to help you prepare. 

A brief history of bring your own device 

Everything was so easy a decade back. Employees used company-issued computers, spoke on company-owned cell phones, and played by the IT department’s rules. People usually weren’t allowed to use their own laptops or mobile devices for work, which enabled IT teams to keep everything locked down.

But then, the mobile revolution happened. No longer content to use archaic computers and ancient communication devices, employees wanted to do both personal and business tasks on the same machines. So the BYOD trend took hold. Many companies began implementing BYOD policies, allowing workers to use whatever computer or phone they wanted.

Malware 

The most glaring negative of a BYOD policy is that the IT department loses almost all control over the hardware. Your sysadmins can’t fully dictate what apps or programs employees install, how they secure their devices, or what files they download. 

And make no mistake: Employees download things to their personal devices that they’d never dream of keeping on a work computer. From questionable game apps to suspicious PDFs, you just don’t know what might be on there. A malware infection or hidden virus in an employee’s files could spell disaster for your business when an infected BYOD device connects to the company network.

Lack of uniformity 

Your employees may have either an Android or Apple device, and each may run on a different operating system or a different version of the same OS. This inconsistency can complicate collaboration and management. 

Compliance enforcement

Certain industries, such as healthcare, have incredibly strict regulations about using and distributing information. Companies must comply with these policies and safeguard sensitive data appropriately, even if that data resides on an employee-owned device. Failure to do so can destroy customer trust and result in costly penalties. 

Allowing an employee to load corporate information onto their personal device greatly increases the likelihood of compliance failure. There are numerous risks: 

  • Employees may fail to appropriately secure confidential data outside the confines of the office. 

  • Employees may accidentally share private data with those who do not have the right to see it. 

  • If sensitive information isn’t secured properly and a device is lost or stolen, the company must take significant steps to ensure the data isn’t inappropriately accessed. 

There are ways to enforce compliance on employee devices, but they are infinitely more complex than the methods for securing corporate devices. 

Data theft or data leakage 

Corporate data is a valuable target for hackers, and they know that employee-owned devices are an easy opportunity for a security breach. This makes BYOD data management a high priority.

Personal applications that your employees use may have less stringent security protocols, giving cybercriminals an inroad to your sensitive company information. Some employees may also be more reckless with their personal devices, managing them poorly and/or connecting to unsecured Wi-Fi. Any lax personal use increases the company information security risk. 

Adding to the risk, around 10% of users have their smartphones stolen, and 68% never recover their devices. Should you fail to establish a strong BYOD security policy, whoever gets their hands on your employee’s phone may have unauthorized access to valuable data.

Data loss when an employee leaves 

It’s a company’s worst nightmare. A problem employee quits or is fired, taking with them thousands of valuable or even confidential files. Suddenly, the company must scramble to retrieve the data and hope that the rogue former employee doesn’t do something rash. 

While that employee most likely signed an agreement regarding using company data, there’s no guarantee that they’ll keep their end of the bargain in their disgruntled state. To prevent such events, companies must have plans in place to deal with these situations. One valuable security measure is the option to automatically delete data from Managed Apps when a BYOD device unenrolls from MDM.

At some point, you may feel you need to search an employee device to find company data. The first problem is that without authorization, searching an employee-owned device could constitute trespass. And what happens if, during that search, the IT department stumbles upon evidence that the employee has also been working on a project for a competitor?

This raises a host of hugely complex legal questions the company must navigate. Did the IT department have permission to search the device? If you’ve unfairly accessed personal information, can you even act on it without facing legal consequences? Would the discovered data hold up in an arbitration case?

There are also other potential legal concerns:

  • What are your legal responsibilities with regard to privacy? 

  • If the employee is fired and the company wipes their iPad, is the company liable if it accidentally erases personal data in the process?

  • What if the company finds evidence of a crime on an employee’s personal device? Would that evidence hold up in court? 

  • What if law enforcement seizes an employee’s personal device as part of an investigation? What happens to company data? 

Moreover, customers or business partners may bring lawsuits if a data breach occurs.

To avoid these legal nightmares, companies must have crystal clear BYOD policies in place to protect them, their employees, and their customers. Failure to implement these policies can lead to massive legal headaches and significant expenses. 

Rogue devices 

It’s not unusual for tech-savvy individuals to customize their devices — sometimes to the extreme. Jailbroken iPhones have been around for almost as long as the phone itself, and the process allows users to install apps unavailable to normal users. While Macs have a reputation for being secure, they are not immune to threats, including malicious apps. 

These rogue devices also present a BYOD security risk. Are they covered under BYOD policies? What if a user accidentally downloads malware onto a customized phone, which then compromises company data? How do you handle that? 

Reduced productivity 

BYOD advocates have argued that using personal devices increases employee productivity. In some cases, that might be true. But allowing employees to bring their own devices could also significantly hurt productivity. 

Yes, that brand new iPhone has some excellent business apps, but it also has TikTok, Snapchat, Instagram, Facebook, YouTube, and a thousand other distractions. It’s incredibly easy for employees to get sucked into the endless black hole of texting, scrolling through their FYPs, and drooling over the latest viral recipes. And while employees enjoy some me time on the corporate network, they’re misusing valuable bandwidth and company time while jeopardizing network security.

Lack of employee training

An estimated 68% of data breaches involve a human element. Regardless of your BYOD policy, your employees are likely your business’s most significant cybersecurity threat. That said, allowing them to use personal devices at work inherently amplifies the risk.

Comprehensive and regular BYOD security training is essential. You should equip your staff with the skills they need to recognize the signs of an attack and react appropriately. If they use personal devices for work purposes, training should also establish what data security policies and procedures carry over across company- and employee-owned devices. 

Shadow IT

Shadow IT operates outside the company’s designated IT department. It occurs when employees use unauthorized hardware or software. The IT team could even be oblivious to the issue. Employees may purchase consumer products, inadvertently opening the company up to greater risk. They might use unmanaged devices, bring in an unapproved USB drive, download consumer-grade software, or engage in other behaviors that jeopardize system security.

Poor mobile management 

Applying effective mobile management is infinitely more complicated in a BYOD environment, but your IT team needs at least some level of control. If an employee loses their mobile device or leaves the company, your IT team should be able to reset passwords and wipe company data. You should also be able to determine which personally owned device is responsible should a BYOD security incident occur. Mobile device management (MDM) solutions are the easiest way to update and monitor multiple devices. However, some organizations prefer to use mobile application management (MAM) software for BYOD devices to focus exclusively on corporate data and applications.

Employee confusion 

Fun fact: Most employees have no interest in damaging their devices or your company. Cluelessness is the root of many BYOD issues. Implementing a detailed bring your own device policy can clear up much of the confusion and set up employees for BYOD success. Don’t get us wrong: Some BYOD users still mess up even if you hold their hand, gently guide them, and offer them an ice cream for good behavior. But you should at least give your more diligent employees every opportunity to excel. 

Is BYOD security even possible? 

In case you didn’t notice the common theme here: Device security is the paramount BYOD challenge. BYOD security risks include most of the same dangers you’ll find in any enterprise mobility management scenario. 

What security measures should a BYOD program incorporate? 

The BYOD security threat isn’t insurmountable. A BYOD program can become more secure by implementing appropriate security measures, including ...  


With the surge in hybrid work models, BYOD capabilities are increasingly important. Like it or not, many employees use their personal devices for work regardless of whether you officially approve it. Establish clear, responsible, and easy-to-understand BYOD best practices and implement an effective MDM solution to protect your business. With great power comes great responsibility, and companies must ensure their employees wield their power wisely. 

SimpleMDM enables Apple-based BYOD setups with intuitive, reliable mobile device management. Sign up for a free 30-day trial to see how it works in your environment. For more information on maintaining Mac devices, keep reading related posts on the SimpleMDM blog

Meredith Kreisa headshot
Meredith Kreisa

Meredith gets her kicks diving into the depths of IT lore and checking her internet speed incessantly. When she's not spending quality time behind a computer screen, she's probably curled up under a blanket, silently contemplating the efficacy of napping.

Related articles