Your employees are the biggest risk to your business

27 October 2016

7 min read

The rise of Bring Your Own Device means the biggest threat to business could be staff devices. What do the experts think?

Your employees are the biggest risk to your business (Desktop)

Find out about HP EliteBook x360

Bring Your Own Device (BYOD) is a double-edged sword. Some see it as a chance to save on tech – why buy laptops and phones when your staff prefer to use their own? But an increasing number are worried about the security risks that come with adopting a BYOD and would prefer to offer CYOD (Choose your own device) instead.

However, CYOD policy doesn’t come without its own unique set of security concerns. This is why safety comes first at HP. The military-grade tested HP Elite range offers security technology that is second to none. For example, the HP EliteBook x360 was recently announced as the world’s thinnest and most secure business convertible. Equipped with the latest 7th Gen Intel® Core™ processors, it also packs a punch. Intel Inside®. Powerful Productivity Outside.

Consumer devices are often preferred by a growing millennial audience because of the perception that business devices are lacking and harder to use, "business devices [are struggling] to catch up with technologies designed for consumer. Usability is a big factor around the consumerisation of IT,” Forrester analyst Dr. Thomas Mendel, “but style and fashion are also becoming decision factors [for business users].”

“Business devices are struggling to catch up with technologies designed
for consumers”Dr. Thomas Mendel, Forrester


 The HP EliteBook x360 is a high spec hybrid laptop, which comes with 360° of versatility across five modes, and up to 16 hours and 30 minutes of battery life. It’s the business device that’s not only caught up with consumer devices, but has surpassed them. As the world’s thinnest and lightest business convertible, it delivers industry-leading security and immersive collaboration - no matter where you are.

But when it comes to businesses getting access to cutting-edge devices like the HP EliteBook x360, it can feel easier said than done. That’s where computing solutions, like HP Device as a Service (DaaS), can help - a one-stop solution that delivers multi-OS devices combined with proactive endpoint management servicesand analytics in simple, yet flexible plans.  In addition, HP DaaS manages, analyses and monitors your infrastructure remotely. It keeps it running smoothly, efficiently and securely and, better yet, a full portfolio of service options covers every phase of the device lifecycle – from start to finish.

In an issue important to many users, HP DaaS offers multi-vendor and multi-OS support so, iOS devices can safely integrate with your infrastructure. Mendel has also warned that devices, such as iPhone and services like Skype, have quickly established user bases. After all, consumer devices aren’t just pieces of hardware – they’re intrinsically linked to services, both business and consumer (i.e. iTunes and Skype for Business). CIOs should view the services model when reviewing how consumer technology fits into business, particularly with how that translates to security and the ability to scale with business demands. 

By 2018, 40% of large enterprises will have formal plans in place to deal with aggressive cybersecurity attacksGartner

74% of organisations are already allowing or planning to allow a BYOD policy, so the impact of consumer devices on security can’t be ignored. Gartner says that by 2018, 40% of large enterprises will have formal plans in place to deal with aggressive cybersecurity attacks. The increasing number of large-scale attacks over recent years means CIOs in particular are required to make these contingency plans a priority.

“Gartner defines aggressive business disruption attacks as targeted attacks that reach deeply into internal digital business operations with the express purpose of widespread business damage,” said Paul Proctor, VP and analyst at Gartner. ”Servers may be taken down completely, data may be wiped and digital intellectual property may be released on the Internet by attackers. Victim organisations could be hounded by media inquiries for response and status, and government reaction and statements may increase the visibility and chaos of the attack. These attacks may expose embarrassing internal data via social media channels — and could have a longer media cycle than a breach of credit card or personal data.”

While the impact of public perception of a company, customer relationships and data integrity can be huge, it doesn’t end there. Depending on the scale of the attack, employees may not be able to get back to normal in the workplace for many months.

“Entirely avoiding a compromise in a large complex enterprise is just not possible”Paul Proctor, Gartner

It’s for this reason that most are switching their focus from blocking and detecting attacks, to detecting and responding to them.

“Entirely avoiding a compromise in a large complex enterprise is just not possible, so a new emphasis toward detect and respond approaches has been building for several years, as attack patterns and overwhelming evidence support that a compromise will occur,” said Proctor. “Preventive controls, such as firewalls, antivirus and vulnerability management, should not be the only focus of a mature security program. Balancing investment in detection and response capabilities acknowledges this new reality.”

Having a service like HP DaaS is an ideal gateway into a new way of security thinking. When your devices are managed and monitored by a single entity, then it becomes easier to detect and respond to threats, instead of working backwards to the origin of a threat in a disparate, unorganised network.

Find out more by downloading our cybersecurity eBook here

The Internet of Things (IoT) is getting bigger and better with every new product that gets released. Because of this, it’s not only attracting larger budgets but also attracting more attention from CIOs and cybercriminals alike. Technology like this is easily adopted due to the ease of use and convenience that it brings to users’ lives. Unfortunately, consumer devices often don’t have the same levels of security – either on board or manually configured. When combined with lack of users’ security knowledge, it can make for a dangerous combination.

The future of device security

Gartner predicts that the standard to which security programs are held will intensify, with more attention being paid to risk and business change. It’s also thought that Executive boards will provide more support and guidance, since the onslaught of hacking scandals that have rocked a large number of businesses, from Sony Entertainment to Ashley Madison and T-Mobile.

“Security is not a technical problem, handled by technical people, buried somewhere in the IT department”Paul Proctor, Gartner

As disruptive as these attacks have been, they have been something of a wakeup call for businesses all over the world, and key to building the business case for proactive thinking about cybersecurity risk and investment into more robust systems.

“CISOs and chief risk officers (CROs) can and should persuade executives to shift their thinking from traditional approaches toward risk, security and business continuity management. Security is not a technical problem, handled by technical people, buried somewhere in the IT department,” said Proctor. “Organisations need to start solving tomorrow's problems now.”

Dr. Mendel commented that moving forward to rely more heavily on standardised technology is one of the ways to combine security with consumer-style ease of adoption. Mendel suggests that an increasing number of businesses will benefit from this cheaper and more reliable way of doing this than regular purchasing models.

When you’re combining the most secure devices, like the EliteBook x360, with the security benefits of a streamlined and managed plan, you’re going to have an incredibly secure IT infrastructure.


Find out more about cybersecurity and your business with our eGuide here.  


Intel, the Intel Logo, Intel Inside, Intel Core, and Core Inside are trademarks of Intel Corporation in the U.S. and/or other countries.

1. Most secure based on HP’s unique and comprehensive security capabilities at no additional cost among vendors with >1M annual sales as of December 1, 2016 on HP Elite PCs with Intel 7th Gen Intel® Core™ processors, Intel® integrated graphics, and Intel® WLAN. Thinnest Based on competitors with >1m units annually of convertible, non-detachables having a Windows Pro OS and 6th or 7th generation U series Intel® Core™ vPro™ processors.

2. HP DaaS plans and/or included components may vary by region or by Authorised HP DaaS Service Partner. Please contact your local HP Representative or Authorised DaaS Partner for specific details in your location. 

3. Windows 10 MM14 battery life will vary depending on various factors including product model, configuration, loaded applications, features, use, wireless functionality, and power management settings. The maximum capacity of the battery will naturally decrease with time and usage. see for additional details.