As workplaces embrace the trend to ‘bring your own device’ (BYOD), enterprises need to think through the security implications of letting personal devices onto their networks. There are many positives for companies and employees in allowing users to bring a personal device to work, and the move to BYOD is only set to grow. In fact, a report by Global Market Insights found the BYOD market is on course to hit almost $367 billion by 2022 – a 10-fold increase since 2014.
But that means IT managers need to be on the front foot when it comes to BYOD security.
Put good governance and security in place from the outset
Establishing clear guidelines around BYOD use can prevent headaches further down the track. Formalizing a BYOD policy means getting everybody on the same page by reinforcing the security concerns of enterprises upfront.
Other aspects of good governance include registering devices, getting users to sign an acceptable use policy, and ensuring all employees are informed of potential security concerns immediately.
By far the biggest issue around BYOD is privacy. To alleviate these concerns communicate the rules and procedures governing hardware and data loss, explain what monitoring may take place, and what the consequences of a loss could be.
Benefits of BYOD
Benefits abound for companies and employees. BYOD means lower overheads for startups, and lower hardware and associated maintenance costs for established companies. Employees can work with the tools and systems they are familiar with, saving the time and energy needed to learn a new operating system. It is also practical for remote workers. However, perhaps most important of all is that companies enforcing BYOD have reported greater employee satisfaction.
A few drawbacks
Embracing BYOD might mean giving up a little bit of control over IT. The biggest threat is leaving the company exposed to a cyber attack on its websites or data. Cyber attacks can lead to lawsuits and substantial fines, not to mention significant damage to a company’s reputation.
Common security risks include local exposure, data leakage, data loss, and access to data from friends and family at home. Employee concerns surrounding privacy are well justified, as companies can legally access all their files – personal or not – if their device can access company servers and networks.
It’s also worth noting that BYOD can often create technical challenges such as connecting to Wi-Fi and device compatibility for transferring files.
Implementing a BYOD policy
Getting the implementation right will ensure a smooth transition. Decide what devices are allowed on the network and then maintain an accurate inventory.
Design a security policy that includes acceptable use – and don’t forget to cover yourself when the employee leaves. That policy should include disabling emails, changing network access passwords, and wiping company files stored locally.
Confidentially is also an important aspect of the policy. Company and employee information, as well as customer data, have the potential to be compromised as soon as it walks out of the office on a smartphone.
Finally, make sure all devices are software-compatible with company systems.
BYOD has brought ease into the workplace, reduced IT costs for businesses and increased productivity among employees. But as the value and shape of information change, enterprises will need to be on the front foot to ensure security is airtight.