The Weakness of BYOD Policies

by Dr. Gene Lloyd, May 26, 2026

Computer Science students are taught very early in their education about the importance of controlling the devices connected to a network. Professors are intentional about ensuring that every student understands how dangerous it is to connect random devices to the network architecture, because one vulnerable device can create a vulnerability for the entire network, and one malicious device can become an instant insider threat. To that end, we train our students to be vigilant about controlling physical access. We do not want random devices creating security problems, but an ideology whose interest and acceptance have risen and fallen over the past decade is having a resurgence that needs to be addressed in the classroom. The ideology is “bring your own device,” or BYOD.

What BYOD Policies Promise 

BYOD policies allow employees to bring their own phones, tablets, and other devices to work and connect them to the company network. It is a novel idea that assumes employees will be more productive if they use devices they are familiar with, and it also shifts some of the equipment cost burden away from the organization. Additionally, BYOD boosts morale as employees can have instant access to their email, social media, and other internet-connected services on their personal device without using excessive data on their cellular plan. It sounds nice, but what happens when one of those devices has a vulnerability that puts the network at risk? Even worse, what happens when a disgruntled employee brings a personal device with the express intent of creating an internal connection that can be accessed from external locations? These are real threats that should be discussed in the classroom, so students are prepared to advise management on the most secure solutions. 

Security Challenge #1: Unpatched and Unregulated Devices 

There are two major security challenges to BYOD. The first is that personal devices may not follow the same update and patching schedule as corporate devices, and they may not be running current antivirus software. Corporate policies are often more rigorous about security updates than individual home users are. Students need to understand that personal devices are outside the control of company network managers, and this creates a long list of potential security risks. Unpatched systems are among the most commonly hacked devices on networks, and if hundreds of employees connect their insecure systems to a network, the chance of infiltration is very high.

Security Challenge #2: Data Privacy and Device Control 

The second security challenge is that, in some cases, companies allow BYOD only if they are given control over the personally owned devices, which introduces data privacy concerns. Most employees would not want their coworkers or managers rifling through their personal files, but in this type of BYOD configuration, everything on their device could potentially be viewed by others in the organization. Professors should teach their cybersecurity students that the company assumes significant risk when personal data becomes intermixed with corporate data, and they should encourage their students to advise against such policies. 

How BYOD Can Be Exploited on a Network 

Professors should outline how common network configurations will not protect against internally misconfigured systems. A personal laptop infected with malware can easily establish an outbound connection through a firewall, and the stateful connection it creates can allow bad actors controlling the external malicious system to reach other network devices through a single personal device. Students should be well informed about the communication protocols exploited by hackers to gain access and how an insecure system, personal or otherwise, makes a hacker’s job significantly easier. BYOD helps the hacker, and that is the crux of the problem with this type of policy. 

Why Risk Outweighs Reward 

Cybersecurity is an inconvenient necessity. The requirements for keeping systems and networks secure are inconvenient for users because they add measures that restrict or control access to limit risk. Students need to understand that organizations should not adopt policies that introduce risks to the network. Introducing risks is a practice contrary to what cybersecurity tries to accomplish. The only time a risk-inducing policy should be allowed is if it is necessary to carry out the organization’s functions. Most would not consider the small advantages of BYOD to be a necessary function. The minor gains in morale do not outweigh the high level of risk. Classroom environments are a great place to discuss the pros and cons of this policy so students can fully think through all of the variables.

A Safer Alternative to Traditional BYOD 

Of course, if one could determine a way to allow BYOD without introducing risks, it could be viable for an organization to adopt. An alternative method is to establish a segregated Wi-Fi access point that is completely separate from the organizational network. This methodology could provide high-speed internet for employees for any device they choose to bring to work. It would essentially be similar to using Wi-Fi at a coffee shop and allow employees to work on their personal devices without allowing for any interconnectivity to corporate systems. This is not BYOD in the traditional sense, but it would provide a fast internet connection for employee devices. 
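One way to check that a guest Wi-Fi segment really is "completely separate" is to audit the forwarding rules between it and the corporate subnets. The following is an added classroom example, not part of the original article; the subnets, the rule format, and the first-match/default-drop firewall model are all assumptions made for illustration.

```python
import ipaddress as ip

GUEST = "192.168.50.0/24"                      # constructed guest Wi-Fi subnet
CORPORATE = ["10.10.0.0/16", "10.20.30.0/24"]  # constructed corporate subnets

def span(net):
    return int(net.network_address), int(net.broadcast_address)

def cut(intervals, lo, hi):
    """Split integer ranges into the parts inside [lo, hi] and the parts outside."""
    inside, outside = [], []
    for a, b in intervals:
        if b < lo or a > hi:
            outside.append((a, b))
            continue
        inside.append((max(a, lo), min(b, hi)))
        if a < lo:
            outside.append((a, lo - 1))
        if b > hi:
            outside.append((hi + 1, b))
    return inside, outside

def exposed(rules, guest=GUEST, corporate=CORPORATE):
    """Corporate ranges the guest subnet can reach: first match wins, default drop."""
    guest = ip.ip_network(guest)
    undecided = [span(ip.ip_network(c)) for c in corporate]
    leaks = []
    for action, src, dst in rules:
        src, dst = ip.ip_network(src), ip.ip_network(dst)
        if not src.overlaps(guest):
            continue                      # rule never matches guest traffic
        hit, rest = cut(undecided, *span(dst))
        if action == "accept":
            leaks += hit                  # some guest host gets through
            undecided = rest
        elif guest.subnet_of(src):
            undecided = rest              # a drop settles it only if it covers every guest host
    return [(str(ip.ip_address(a)), str(ip.ip_address(b))) for a, b in leaks]

# Constructed rule sets: (action, source, destination), evaluated top to bottom.
SEGREGATED = [("drop", GUEST, "10.0.0.0/8"), ("drop", GUEST, "172.16.0.0/12"),
              ("drop", GUEST, "192.168.0.0/16"), ("accept", GUEST, "0.0.0.0/0")]
EXCEPTION = [("accept", GUEST, "10.20.30.15/32")] + SEGREGATED   # one "convenience" hole
MISORDERED = [("accept", GUEST, "0.0.0.0/0"), ("drop", GUEST, "10.0.0.0/8")]

if __name__ == "__main__":
    for name, rules in (("segregated", SEGREGATED), ("exception", EXCEPTION),
                        ("misordered", MISORDERED)):
        print(name, exposed(rules) or "no corporate address reachable")
```

An empty result means no corporate address is reachable from the guest segment under the modelled rules; any returned range is a path that defeats the segregation, whether it comes from a single exception or from rule ordering.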

BYOD was always a novel idea. It is an interesting experiment that should have never gone further than a white paper. Allowing an individual to connect a personal device to a corporate network is almost guaranteed to introduce risk, and the level of risk increases with each additional personal device attached to the network. Cybersecurity students should be trained in the negative aspects of this ideology and be prepared to advise against its implementation in their future security-related roles. The better we train our students today, the more prepared they will be to maintain a high level of security on networks when they begin working in the industry. Cybersecurity professors can have an incredibly positive influence on industry best practices if we ensure our students are aware of the myriad of security pitfalls that lie in wait for internet-connected devices. BYOD, as it is seen today, should end, and we should teach tomorrow’s experts the reasons why.
