Don’t let the Convenience of BYOD Compromise Security
There are really attractive benefits to a mobile workforce. For the business, there’s an immediate cost savings: if most of the workforce has to have the latest and greatest smartphone, why not take advantage of that? Employees are more productive on a device they know, and they are happier and more satisfied when they get to work wherever they want with equipment that they enjoy and are familiar with.
However, with increased freedom comes increased risk. And, honestly, the cons might outweigh the pros here. People lose phones all the time: at home, in coffee shops, in cabs. They fall out of pockets and bags very easily. But they are also stolen a fair amount. An estimated 70 million phones are lost every year, with only 7% being recovered. All of those phones have personally identifiable information (PII) on them if you know where to look. And, if they’re used for work, they might contain confidential emails, documents, contact information, or access to all these things through an app, web portal, or VPN.
The same exposure exists if an employee leaves the company abruptly and there is no management software on the device enabling you to wipe it of any proprietary data. Then, there’s the risk of man-in-the-middle attacks when using unsecured Wi-Fi access points at coffee shops, restaurants, or anywhere else offering free Wi-Fi.
Do the Work Now, or Regret it Later
Though BYOD is convenient for workers, it creates, or should create, a lot of work for the company allowing it. First, there needs to be a policy in place that all employees have agreed to. A policy affords companies the ability to hold employees accountable when/if a breach occurs because of misuse or incompetence. So, if you’re sure your organization is ready to move ahead and will benefit from a BYOD policy, there are many things to consider:
- Does your user-base have the technical savvy to support their own devices and applications? Or do you need to have support capabilities in-house, or outsourced?
- Does your user-base require training to use VPNs over their phones or any other business-specific application? Who’s going to deliver that training, if necessary?
- Is your business data properly segmented in a way that segregates personal and organizational data?
- What are the device requirements (OS, RAM, CPU, etc.)?
- Will the company be paying for the phone plans? Will users be reimbursed for their own plan?
With all those considerations and their answers noted and documented, you can then craft your written policy. Then, it’s up to you or your IT team to enforce the policy. It is critically important that all users, from receptionist to CEO, buy in so that the company remains secure.
Say, though, that you’re having a little trouble putting together your policy. It’s easy to be a little out of your depth with a policy like BYOD. There are a lot of ins, a lot of outs, and a lot on the line. That’s why it has to be right the first time, so let Atomic Data’s Security & Compliance experts review, edit, or create new policies for your organization. This will keep your organization above board should you be audited, and ensure that you and your employees make the right moves to avoid a costly data breach. Click the link below to get more info on Atomic Data’s Security & Compliance services.