Security Behaviour Database
/
All Behaviours > SB094 Does not use personal devices for work unless authorised to do so

SB094 Does not use personal devices for work unless authorised to do so

Has separate work and personal devices. Only uses personal devices for work if authorised by the employer, using measures highlighted in the database. Working with sensitive corporate information on personal devices poses security risks as this information can be maliciously used if the device is breached or lost or stolen. Personal devices are also not a part of the corporate network and having a company's Intellectual Property on them can be a breach of GDPR.


Why is it important?

Personal devices typically have basic protection unless paid for, usually provided by the manufacturer. Not using a personal device for work prevents potentially sensitive information being stolen from a device more susceptible to compromise.

Priority Tier

Behaviours in SebDB are ranked by their impact on risk. Tier 1 behaviours have the biggest impact, Tier 4 behaviours the least.

Tier 1

Risk Mitigated

Privacy Violation

Privacy Violation

A privacy violation occurs when an unintended person learns about someone elses private information.

Data Theft

Data Theft

Data theft is the intentional stealing of data.

Data Leak

Data Leak

A data leak is when data is accidentally or intentionally disclosed to unauthorised people.

Further reading

https://www.core.co.uk/blog/byod-effect-security-risks-personal-devices-work
https://link.springer.com/chapter/10.1007/978-3-030-78645-8_74

SebDB is brought to you byCybSafe| © 2023 CybSafe Ltd