Bring Your Own Device, or BYOD, has become a very popular option for businesses seeking to save a bit of their budget on obtaining and maintaining devices for their employees. While this is an economically commendable practice, it has the potential to generate risks for your business if left unchecked. Let’s discuss the pros and cons of BYOD, and how you can make it work for your business.
Unfortunately, for all its benefits, there is no shortage of drawbacks to BYOD - at least, if it is implemented without conscious deliberation and preparation. Here, we’ve listed a few such drawbacks:
Do you really expect an employee to have a personal device that isn’t for personal use? If this device is used for work purposes as well, it can become very easy to combine this data and put some of it at risk. What if an employee who brought their own device in then left the company, the device in question full of your company’s sensitive data? Without some kind of policy in place to eliminate this risk, BYOD is simply too risky to allow.
Unfortunately, a poorly-strategized BYOD policy opens your business up to a variety of issues that could have severe and lasting ramifications.
This is mainly due to the many risks that mobile devices inherently have in terms of data leakage, malware infection, and other vulnerabilities. If your employees aren’t vigilant in keeping their devices updated and secured, your network will be subject to the same vulnerabilities. Malware infections can also be introduced via an employee not treating their device as carefully as they should be. If malware is installed on their device, it can easily be spread to your network - free to wreak havoc and steal data.
This one is admittedly less of an issue as it is an inconvenience. Simply put, adding an influx of devices and ensuring that your IT remains compliant to any policies can be a huge investment of time - and if not done correctly the first time, this investment will only grow.
As we briefly mentioned above, any BYOD initiative you introduce to your company needs to be controlled through a stringent use policy. This policy needs to clearly describe how an employee is to use their device during work hours, as well as the prerequisites that your employees need to abide by and agree to in order to use their own device. We recommend the following:
This technology helps to keep any company data isolated from any personal data on the device, which means that it allows you to control your data without intruding on an employee’s privacy. As a result, if a device is stolen, you can remotely remove any business data from it to ensure your data is protected.
Another precaution to enact is endpoint protection software. This software essentially performs a preemptive security scan of any device trying to access the network, identifying if a device has been infected. This means that your network isn’t introduced to whatever malware is present on the device, and the owner is then aware of their security issue as well.
The fact of the matter is that not every employee needs access to every byte of data you have. Therefore, it makes sense to implement role-based access controls. These controls can help keep an employee focused on the data they need for their work duties, and can help you identify where a breach occurred, should one happen. Some access controls can even prevent a device that isn’t up to date from connecting to the network at all. You should also investigate two-factor authentication measures that might assist you in limiting access to those who should have it.
Finally, you also have to consider what to do if something happens to one of the devices that has been used for BYOD purposes. First of all, you need to have your employees agree to have a lost device wiped remotely, applying the necessary solutions to each device used. Your employees also need to report a lost or stolen device immediately so these precautions can be put to use.
Finally, should an employee leave your business, you also need to make sure you have already secured the authorization to remove your company’s data from their device. You don’t want someone walking around with access to your data, whether their departure was amicable or not. Including this in your BYOD policy will ensure that anyone who leverages their mobile device is aware of your capability to remove your company data from their device, and will allow them to opt out of BYOD if it makes them uncomfortable.
With these policies backing up your Bring Your Own Device planning, you should be able to make use of a great productivity tool without sacrificing your data security. For assistance in putting BYOD into practice, reach out to i-medIT at 630-549-6199.