Employees who access company systems from personal laptops, smartphones, and tablets put their firms’ and consumers’ intellectual property and sensitive information in danger. And the risks keep growing, not only from traditional phishing and fraud schemes, but also from new and insidious spyware campaigns that spread through subtle cracks in mobile operating systems. The risk is especially profound for financial institutions, which could increasingly be targeted by spyware campaigns aimed at crippling critical infrastructure. It’s time to cinch up bring-your-own-device (BYOD) policies that remain too lax. In fact, it’s Javelin’s view that companies’ best chance at keeping themselves, their customers, and their employees safe is to eliminate BYOD all together. 

Key questions discussed in this report:

• What are the business implications of spyware that infects an employee’s personal device that is already linked to personal email accounts and sensitive corporate internal systems?
• What are the limitations of cybersecurity training for employees, particularly regarding spyware that infects devices without any action needed from the employee?
• How can companies set clear boundaries between work and personal devices that are agreeable for both employers and employees?

Companies Mentioned:

Cybersecurity & Infrastructure Security Agency, Gmail, Microsoft Authenticator, NSO Group, Okta, Pegasus, Twilio