When BYOD Goes Wrong: A look Horror Stories and The Benefits of a Good Policy

Sep 15, 2016Small Business Security

 Bring-your-own-device, or BYOD, is a phrase referring to the increasing trend of employees bringing devices they own to the workplace. There are many reasons and benefits to adopting a BYOD policy for your workplace- with ncreased worker satisfaction is a major benefit. Employees are generally more satisfied using devices they chose themselves and use regularly. Another benefit is saving on costs. When an employee already owns their device, this saves your company large amounts of money from having to purchase new devices.

BYOD policies also increase productivity. When employees use devices they are more familiar with and use more frequently, this allows for employees to complete work more efficiently. Workplaces also experience increased engagement among employees. Employees can communicate more easily outside of the office, as well as respond to emails after hours more frequently when they have a device available for use.

Some statistics on BYOD policies:

  • The global market for BYOD will increase from $67.21 billion in 2011 to about $181.39 billion by the year 2017
  • 50 percent of companies will require employees to provide their own devices for their jobs by the year 2017
  • 69 percent of IT decision makers in the U.S. feel BYOD is a good thing and a positive move for their organization
  • 49 percent of users say they are more productive using their own devices

If your company implements a BYOD policy, it is important to keep track of what data is on which of your employees’ specific devices. This Excel template helps you keep track of your company’s BYOD use. 

As efficient as a BYOD policy can be, it can also lead to disastrous situations if not enforced correctly. Here are a few BYOD horror stories to learn valuable lessons from.

Doctor’s stolen laptop causes $1.5 million fine

In September 2012, Massachusetts Eye and Ear Associates, Inc. suffered one of the worst BYOD-related repercussions to date. A laptop who belonged to a doctor working for the company was stolen- along with all of the sensitive patient data stored on it. When news of this incident spread, the company was hit with a whopping $1.5 million fine for violating rules of the Health Insurance Portability and Accountability Act (HIPAA).

What did the company do wrong?

One mistake the company made was leaving sensitive data unencrypted. Anyone could have accessed all the files on the laptop. The company also did not do a good job of physically storing the device securely enough.

What should the company have done differently?

Any device that contains sensitive information must have several layers of security. The laptop needed encryption, strong passwords and other security measures to ensure all sensitive files were secure. When doctors are not using their devices, they need to securely store them away, or the device needs to be physically stable in one spot so nobody can steal it as they walk by.

CEO loses vacation pictures due to BYOD policy 

        Mimecast CEO Peter Bauer felt the consequences of his own company’s BYOD policy flaws. While vacationing, Bauer’s daughter tried to play with her father’s smartphone. Bauer had a remote wipe feature installed on his phone by his company for security. After entering several incorrect passwords to attempt to access her father’s phone, the remote wipe feature became activated, deleting all of the photos he had taken on the trip so far.

What did the company do wrong?

The company completely wiped the phone with little evidence of it actually being hacked. They should have monitored the account for more suspicious activity before remote wiping all of its data. Although a remote wipe feature can be a useful security measure for some devices, it becomes a deterrent when it makes employees lose their data easily.

What should the company have done differently?

The company should have created better balance of security between personal and work devices. Employees need to be better educated of what exactly their company is able to do with their devices, and understand the consequences when not handled correctly. In this instance, an employee on the IT team could have called the contact to see if it was indeed being stolen.

Employee accidently shares sensitive info with Dropbox

Another company’s employee used his personal phone while connected to the business’s Wi-Fi to download a sensitive document from the company’s SharePoint site. While arranging files on his phone, he accidently stored the sensitive file on a Dropbox location. This allowed people who didn’t work for the company to view the sensitive information.

What did the company do wrong?

The employee’s cell phone was not secure enough to be handling such sensitive files. The employee was also careless in the way he handled such sensitive files as well.

What should the company have done differently?

If an employee has access to sensitive files with their phone, it is crucial to ensure the files cannot be shared or stored between any apps that shouldn’t store the files. Also, like so many other issues, education is the key. Provide training for your employees so they will know how to properly use their devices without any risk of security breaches.

Coca-Cola experiences data breach after employee steals laptops

          Coca-Cola suffered from a data breach when an employee stole many laptops over the course of several years. The employee reportedly stole 55 laptops over a 6-year period. This breached over 18,000 personal records, and part of this data included social security numbers. There were also 56,000 records covering other types of sensitive data that were breached as well.

What did the company do wrong?

          Coca-Cola was very oblivious in this situation not noticing the theft taking place. There was not an efficient record system to keep track of all company laptops, and what they were used for. The laptops also did not have enough security as well, as the employee easily accessed sensitive records.

What should the company have done differently?

          Coca-Cola needs a strict device tracking policy to always know the whereabouts of all company devices. All laptops and other devices that aren’t used should be stored in a strong safe box to prevent theft. The company could also probably benefit from a stronger video surveillance system to keep a better eye on company equipment and employees.


Although these are unfortunate incidents that happened, let them be lessons to better educate yourself on how to avoid these BYOD horror stories. The majority of technology professionals agree that BYOD is a good thing, and it is a trend that will only continue to grow stronger.



Nabil Hourani

nabilhouraniNabil hails from the Dallas area of Texas. He relocated to Colorado after college to experience all the beauty and adventures the state has to offer. Nabil has a passion for technology, and loves being able to communicate with businesses about their IT needs. In his spare time, he enjoys camping in the majestic Colorado wilderness, fishing, and playing music.

Connect with Us

Subscribe to our Blog!

Post Categories

New Call-to-action



Contact Us

Tired of letting IT issues run your business? We’re here to help. Don’t worry, we leave our IT jargon at the office because we know you’re not an IT techy, that’s why you called us.