/
All Behaviours > SB094 Does not use personal devices for work unless authorised to do so
SB094 Does not use personal devices for work unless authorised to do so
Has separate work and personal devices. Only uses personal devices for work if authorised by the employer, using measures highlighted in the database. Working with sensitive corporate information on personal devices poses security risks as this information can be maliciously used if the device is breached or lost or stolen. Personal devices are also not a part of the corporate network and having a company's Intellectual Property on them can be a breach of GDPR.
Why is it important?
Personal devices typically have basic protection unless paid for, usually provided by the manufacturer. Not using a personal device for work prevents potentially sensitive information being stolen from a device more susceptible to compromise.
Priority Tier
Behaviours in SebDB are ranked by their impact on risk. Tier 1 behaviours have the biggest impact, Tier 4 behaviours the least.
Risk Mitigated
Privacy Violation
A privacy violation occurs when an unintended person learns about someone elses private information.
Data Theft
Data theft is the intentional stealing of data.
Data Leak
A data leak is when data is accidentally or intentionally disclosed to unauthorised people.
Further reading
https://www.core.co.uk/blog/byod-effect-security-risks-personal-devices-work
https://link.springer.com/chapter/10.1007/978-3-030-78645-8_74