However attractive the cost savings of operating a bring your own device (BYOD) policy in the workplace may seem, allowing staff access to mission-critical apps and information on their personal devices will always have its risks. The trick is in balancing out the financial efficiencies and operational positives against the potential impact of a handset being remotely hacked or falling into the wrong hands.
So is BYOD a security breach waiting to happen, or are there ways to manage the risks and make use of personal devices in the workplace without flirting with disaster on a daily basis?
Managing the BYOD Ecosystem
Businesses will often become distracted by the issue of which types of devices should be allowed to access which important services. As a result of this selective approach there can be a reluctance to embrace BYOD policies because of a fixation on potential rogue devices connecting with legitimate systems and siphoning valuable data in the process.
The reality is that businesses should be less concerned with what devices are eligible to participate in a BYOD scheme and more focused on the types of apps and data which are accessible on portable platforms as a whole.
Successful management of BYOD comes down to the question of what services are best suited to mobile access and identifying what data simply cannot afford to be exposed to theft. Any action taken to block or ban certain devices and services will only lead to employees circumventing and overcoming these obstacles, creating more problems than are solved.
Staff are generally comfortable with using personal devices and public cloud solutions for work purposes, with or without the approval of the business, and so a properly managed BYOD solution should seek to nurture this in a productive and secure manner, rather than letting risk-taking behaviour become commonplace.
Outsourcing your IT to a reputable management company and harnessing mobile device management (MDM) platforms are two strategies that can reduce the risks of adopting a BYOD strategy, without overstretching your in-house resources. The assistance of third party specialists can be invaluable in this area, particularly where small businesses are concerned.
Some mobile manufacturers and OS developers offer their own MDM solutions, while others have cross-platform compatibility for a broader approach which factors in the wide range of devices that different employees are likely to own.
Identifying Weak Spots in Data Security
Businesses are regularly told that they risk having sensitive data stolen at every turn. But what value can criminals gain from stolen data and how might it be used maliciously?
Everything from customer records and payment information to details of business projects, sales figures and account passwords will be on the list of data that outsiders will want to get their hands on by any means necessary. And since hackers can gain access to this data either by gaining direct access to a device, such as a lost smartphone or laptop, or remotely over a network connection shared by vulnerable systems on which it is stored, every BYOD policy inevitably has to consider these weak spots.
If and when information is compromised, hackers can use it to perpetrate fraud, make illegal purchases and commit any number of additional crimes. Such actions cost companies and individuals around the world billions of pounds each year, which is why even small businesses cannot afford to ignore the risks they face.
Creating a Culture of Responsibility
It is not enough for businesses to identify potential weak spots in data security. Training staff in the safe, secure use of their personal devices is the best way to make BYOD work effectively in an enterprise environment.
As well as this, companies must actively instil healthy habits in employees by seeking to engender a culture of personal responsibility, so that each staff member understands their own responsibility in keeping company data safe and the consequences of not doing so (both to them personally and the business as a whole).
Personal devices are intrinsically more valuable to workers than any equipment supplied by their employer, so the question of damage, loss and theft may be less pressing because people may have a vested interest in keeping a smartphone or tablet safe. That being said, people are more likely to have their own mobile phone on them most of the time, which means there are far more opportunities for it to get lost or stolen.
Businesses must ensure that employees immediately report any loss or theft of a device that contains or has access to sensitive data. Without this, incidents can go unnoticed and vulnerabilities may be exploitable for protracted periods. Enabling phone location services and the remote data wiping capabilities present on most modern mobiles is also sensible for the same reason.
It’s not good if a staff member waits until Monday morning to report their device stolen if it happened on Friday night. In these situations, speed can be of the essence.
Ultimately it is necessary for businesses to take pre-emptive action and create an effective, resilient BYOD strategy which can prevent security breaches, rather than frantically deploying one after a breach has occurred.
About the author: Dave Blackhurst is a Director at Evolvit, a Bristol-based IT support company helping some of the region’s most well-known businesses. Dave is passionate about IT and helping businesses reduce their spend whilst improving service.
You can connect with Evolvit on Google + and LinkedIn or call 0845 880 4554.