.svg){kind=icon}
.svg){kind=icon}
.svg){kind=icon}
More businesses are hiring people who work remotely — often contractors or employees who use their own computer at home. This is called BYOD (Bring Your Own Device).
It’s attractive as it allows the business to recruit people they otherwise may not be able to, and it seems it may also save money – no need to provide an office, or a computer. But there’s a catch with the computer bit: BYOD can open serious cybersecurity risks if not managed carefully.
👉 GTB’s first recommendation: Wherever possible, provide your remote staff with a work device (such as a laptop) that is secured and monitored to the same standard as your office computers. This keeps your systems consistent, reduces risk, and makes support easier.
When BYOD really is the only option, the following points are essential.
Why BYOD Can Be Risky
When someone connects to your systems — whether it’s Microsoft 365, a company server, or cloud apps — their computer becomes part of your business network.
Company-owned devices are usually secured with monitoring software that your IT partner manages. With personal devices, you don’t have that visibility. That means:
You don’t know if the device has working antivirus or is up to date.
Malware or unsafe apps could slip through unnoticed.
Company data might be saved in unsafe places.
A lost or stolen laptop could give outsiders a way in.
Cybercriminals love weak links like this — which is why unmanaged personal devices are one of the top ways attackers break into businesses.
The Endpoint Security Question
Here’s the heart of the issue:
On company-owned devices, we (GTB) install and monitor endpoint protection software every day. We see alerts, apply updates, and act if there’s a problem.
On a contractor’s personal device, if they use their own security, we have no visibility. We don’t know if it’s running properly — or at all.
That’s a risk both for you and for us as your IT partner.
The Options for your SME
So, what’s the answer? Here are the main approaches:
1. Best Practice: Provide a Work Device
The safest option is simply to give remote staff or contractors a company laptop for your work only. That way, it’s secured and monitored to the same standard as all your other office machines.
Budget – A laptop should last say 5 years. Take the cost of the laptop and its security and divide it by 5 for a yearly cost. How does this compare to the total of all the other costs of the employment? Likely it will only add a very small percentage increase.
2. Next Best: Use GTB-Managed Security on BYOD
If a personal device must be used, we recommend installing our managed endpoint protection and patching software on it. This gives us visibility and daily monitoring and keeps the machine protected.
✔ Maximum safety
✔ Consistent standards
✘ Some contractors may object (e.g. if they already work with another IT provider).
3. Compromise: Let Them Use Their Own Security
A contractor uses their own antivirus or endpoint software.
✔ Easier for the contractor
✘ No visibility for you or GTB
✘ Higher risk — you’re trusting the contractor’s setup without proof
4. Alternative: Limit Access Through Remote Desktop/Browser
Instead of direct access, the contractor connects through a remote desktop or secure browser session. That way, company data never lives on their personal computer.
✔ Good for sensitive work
✘ More setup and licensing costs
How to Decide
For most small businesses, the choice comes down to risk vs convenience.
Our recommendation is:
First choice: Provide a company-owned, secured device.
If not possible: Require GTB-managed endpoint protection on any BYOD device.
If refused: Limit what the contractor can access, and get written acknowledgement that their device is unmanaged.
For high-risk roles (finance, admin, IT admin accounts): No unmanaged BYOD at all.
Keeping It Simple and Safe
The topic of BYOD security for SMEs in NZ doesn’t have to be a security nightmare. With a clear policy and the right controls, you can safely hire the people you need, wherever they are.
At GTB, we help SMEs put these safeguards in place:
A simple BYOD policy template you can use with staff or contractors.
Managed endpoint protection and patching with daily monitoring.
Options for secure remote access through Microsoft 365 or Remote Desktop.
Practical advice to balance flexibility with safety.
✅ Next step: Thinking about giving BYOD access? Concerned about BYOD security for SMEs in NZ? Talk to us first. We’ll help you set it up in a way that keeps your business secure, simple, and cost-effective.
📞 Contact GTB today to protect your business — while still keeping BYOD an option.
