Many companies augment their team with external consultants, contractors, or advisers. It can be a great way to expand your capabilities without adding additional full-time staff. The challenge is how to give secure access to these third parties to collaborate with the rest of your team. Often third parties will offer to use their own laptops rather than you having to provision them one.
The advantage of allowing third parties to use their personal devices when collaborating with your team include cost, as you don’t have to provide a corporate device for that person, speed, as you can quickly provision accounts for specific applications, and convenience, no-one wants to carry around 2 laptops.
The challenges, however, are many. Firstly, most personal computers do not have the level of protection from malware and viruses that corporate devices do. Personal devices are not centrally monitored for breaches or out-of-date software the way corporate devices are. Giving access to these un-monitored and poorly protected devices means that you are creating a easy gateway for bad actors to penetrate your otherwise secure infrastructure.
Secondly it is not possible to be sure that your data is removed from a personal device once the engagement is over. Any deleted file can easily be undeleted, the only way to be sure data is deleted is to fully wipe the computer, which we cannot do to a personal device. If a personal device were to be lost or stolen, there are no remote wipe capabilities or ways to shut off access in the speed and manner that you would if this were a corporate device.
Lastly, there are privacy concerns when personal computers are exposed to corporate resources - data and internet activity you don’t want to know about can be exposed.
The security threat posed by personal devices is such that we strongly recommend that you issue a corporate computer to third parties. Many companies have a spare computer that can be set up for external parties to collaborate with your team, then wiped after the engagement. While this requires an investment on your part, it far outweighs the possible headaches and problems that allowing corporate data to be saved on a non-corporate computer create.
If you do choose to allow your company data to be accessed from a personal device you will need to use contract language to protect your data, Hybridge has boilerplate that can help with this, please contact us if you would like a copy.
If you need help procuring or setting up a spare device for your contractors or advisers or want to discuss remote access to your corporate network, call us at 650-421-2000 or email us at info at hybridge.com. We are here to help.
Share this blog: