BYOD Without Compromising Security
Employees used to only be allowed to use company-issued devices, but with the rapid adoption of smartphones and tablets in the consumer market, just about every employee now carries one or two devices along with them to the workplace. Sooner or later, these personal devices are inevitably used for some work-related duties and/or connected to some parts of the company’s IT network.
However, BYOD (Bring Your Own Device) isn’t just tolerated in the workplace – it’s welcomed with open arms. In fact, for many companies, employees’ personal devices are vital for day-to-day operations.
Research from Syntonic found that almost 9 in 10 (87 percent) companies depend on their employees’ ability to access mobile business apps from their personal smartphones. Global Market Insights also predicts that the BYOD market could hit $366.95 billion by 2022, up from just $94.15 billion in 2014.
A significant factor behind BYOD’s steadily growing popularity is the fact that both the company and the employees stand to benefit. For companies, it helps to reduce IT costs and boost employee engagement outside the office, and for employees, it boosts job satisfaction and enhances productivity.
A study by Sapho found that using personal devices saves employees an average of 81 minutes per week, and 78 percent of employees feel BYOD helps them achieve better work-life balance.
However, these benefits come with serious security concerns including loss or theft of device, using unsecured devices, data loss, man-in-the-middle attacks, jailbroken devices, software security vulnerabilities, and malware. The challenge for corporate leaders is to create a BYOD strategy that allows employees to make the most of BYOD without compromising on security.
Here are the top three ways business leaders can reduce the security risks presented by BYOD.
1. Create a Well-defined BYOD Policy
Companies should put in place a clear set of guidelines around BYOD. The strictness of these guidelines depends on the specific industry. For example, companies in healthcare or finance that handle and store sensitive personal data from their customers need tighter policies than those in manufacturing.
A cohesive BYOD policy should address the following questions at the very least:
- Where will data from BYOD devices be stored?
- Which apps are employees permitted to access from their personal devices?
- What are the minimum data encryption, inactivity timeout and password requirements?
- Which websites are employees prohibited from accessing while connected to the company network?
- What company-owned assets (emails, calendars, documents, contacts, etc.) can employees access on their personal devices?
- What remote wiping permissions (lost device, terminated employee, data or policy breach, etc.) will the IT team be able to exercise?
2. Clearly Communicate Your BYOD Policy
It’s not enough to create a BYOD policy; companies must make its details explicitly clear to employees, because a policy is only as successful as the understanding of the people using BYOD. The best way to do this is by implementing ongoing employee security training. This can include:
- Holding regular cybersecurity training seminars
- Creating a detailed guidebook around BYOD
- Scheduling one-on-one sessions with each employee
The key is to create and nurture a trusting environment in the workplace where employees don’t feel like their personal freedoms are being infringed upon by the policy but rather like they are being educated about the reality of BYOD and being empowered to make the most of it in a safe manner.
It’s also important to make sure that all employees sign an agreement acknowledging that they have read and understand the BYOD policy. This offers the company critical protection from any liabilities associated with employees engaging in illegal or inappropriate behavior on their BYOD devices.
3. Implement Mobile Device Management (MDM)
Mobile device management (MDM) software such as VMware or AirWatch enables companies to monitor, manage and configure all BYOD devices from a central location. With MDM, employees can access company information in one secure location that is separate from their personal apps.
This allows employees to use their phones for both their personal life and work duties without compromising the security of the company’s data. MDM also makes it easy for IT teams to quickly respond to and contain threats and minimize damage in the event of a breach or attack.
Good MDM software should enable your IT team to:
- Automatically and regularly back up company IP to the cloud
- Perform vulnerability scans on the company network
- Block devices with potentially compromising apps
- Update anti-malware software as needed
- Perform updates and patches remotely
- Wipe lost or stolen devices remotely
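The block and wipe decisions listed above can be expressed as a posture check over device inventory records. The following is an added example, not code from this article or from any MDM product; the threshold values, field names and the app identifier are assumptions chosen for illustration, and the inventory is constructed sample data.

```python
from dataclasses import dataclass, field

# Assumed thresholds: the article names these categories but sets no values.
POLICY = {
    "require_encryption": True,
    "max_inactivity_timeout_s": 300,
    "min_passcode_length": 6,
    "blocked_apps": {"com.example.sideloader"},  # constructed app id
}

@dataclass
class Device:
    owner: str
    encrypted: bool
    inactivity_timeout_s: int  # 0 means the screen never locks
    passcode_length: int
    jailbroken: bool = False
    installed_apps: set = field(default_factory=set)
    reported_lost: bool = False
    owner_terminated: bool = False

def evaluate(device, policy=POLICY):
    """Return (action, reasons). Wipe triggers outrank posture failures."""
    wipe = [why for flag, why in (
        (device.reported_lost, "device reported lost or stolen"),
        (device.owner_terminated, "owner no longer employed")) if flag]
    if wipe:
        return "wipe", wipe
    block = []
    if policy["require_encryption"] and not device.encrypted:
        block.append("storage not encrypted")
    if not 0 < device.inactivity_timeout_s <= policy["max_inactivity_timeout_s"]:
        block.append("inactivity timeout disabled or too long")
    if device.passcode_length < policy["min_passcode_length"]:
        block.append("passcode shorter than minimum")
    if device.jailbroken:
        block.append("jailbroken or rooted")
    bad = device.installed_apps & policy["blocked_apps"]
    if bad:
        block.append("blocked apps installed: " + ", ".join(sorted(bad)))
    return ("block", block) if block else ("allow", [])

# Constructed sample inventory, not real device data.
FLEET = [
    Device("alice", True, 120, 8),
    Device("bob", False, 0, 4, jailbroken=True,
           installed_apps={"com.example.sideloader"}),
    Device("carol", False, 120, 8, reported_lost=True),
]
DECISIONS = {d.owner: evaluate(d) for d in FLEET}
```

Returning the reasons alongside the action lets IT tell the employee exactly which policy item to fix before access is restored.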
BYOD is all about finding the delicate balance
Today’s employees are bound to use personal devices at work in one way or another, and there’s nothing companies can do to stop them. The key is to find the right balance between having a robust policy that manages the potential risks associated with BYOD and staying mindful of employees’ privacy.
Let the specialists at ASB Resources help you create the right BYOD policy. As one of the top IT solutions providers in the country, we are equipped with the necessary knowledge, experience and expertise to guide you in leveraging BYOD for more productivity without becoming intrusive on your employees. Schedule a chat with one of our experts today!