Many small to medium sized Australian businesses have, or are looking at introducing, a set of Bring Your Own Device (BYOD) policies for employees.
With the widespread popularity of smartphones, tablets and iPads, it seems to make good sense to allow employees to use these personal devices for work purposes. In fact, over 74% of organisations either already have a BYOD policy in place, or plan to have one in the future.
Before simply allowing employees to start using their own devices to complete work, businesses need to consider a number of different variables, including their own IT networking capabilities and security solutions.
If your business is thinking about implementing a BYOD policy, it’s worth weighing up both the benefits and costs, and determining what you should include in your policy.
One of the major benefits of BYOD is that employees get to use hardware that they are familiar with and comfortable using. Rather than forcing them to use a new device, for which they may need training, employees can hit the ground running with their own mobile devices. Studies have also shown that by giving employees the freedom to use their own devices, employees generally see a rise in satisfaction, which in turn boosts productivity.
BYOD is gaining popularity with IT firms because it shifts hardware budgets away from the business and onto the employee. Rather than having to purchase new workplace phones and laptops for all employees, employees supply their own devices and usually pay all, or at least some of the associated services.
When compared to traditional business technology cycles, BYOD devices are often upgraded more regularly, due to employee interest in having the most cutting-edge hardware available. Of course, this means that companies also benefit from the latest features, and the capability of working with modern software packages.
BYOD is Seen as a Job Benefit
BYOD programs are a great recruitment and retention tool, as potential candidates will be keen to work for a company that allows them to use devices they are already familiar with. Many professionals view BYOD as a perk, where it shows that your business is progressive and technically enabled.
The Security Risk:
While a BYOD policy can save your business money and boost productivity, the primary concern for all IT decision makers is whether BYOD introduces more vulnerabilities into the business.
If you allow employees to utilise BYOD in the workplace, you may experience security risks associated with:
Lack of Firewall or Anti-virus Software
People are often careless or uninformed about the apps they download and install. With a personally owned device, businesses have less control on the kind of software being accessed and security protocols being employed. This leaves devices more vulnerable to malware and other malicious activity which could cause havoc to your business system.
Lost or Stolen Devices
If devices with company data are misplaced or stolen, third-party individuals may be able to gain access to confidential business information – especially if the device isn’t secured with passwords or encryption.
Accessing Unsecured Wi-Fi
Since employees will mostly be using their devices outside of the workplace, there is a chance they will access unsecured Wi-Fi networks. Whether an employee uses unsecured Wi-Fi connections at airports, coffee shops, stores, or even their own home, hackers can connect to the same networks and eavesdrop on emails or copy passwords as they pass over the network.
People Leaving the Company
If employees leave the company abruptly, you may not have time to wipe devices clean of company information and passwords.
This can cause real issues if an employee leaves the company but still has corporate data contained on their personal device. Information left on an ex-employee’s device could easily be accidentally or deliberately leaked, which could lead to serious business ramifications.
Reducing Risks and Maximising Benefits:
BYOD policies are best developed after a software solution has been determined, as the software solution will greatly impact how you manage BYOD in your company. Formal BYOD policies coupled with the functionality of cloud-based services allow for a low-cost and balanced solution so that small and medium-sized businesses can maximise the benefits of employees using their own devices while still safeguarding company data.
Here are some elements which should be included in your company BYOD policy:
Educate Employees About Safe Usage
Human error is the cause of most security breaches, so educating employees about the mistakes to avoid, is one of the best ways to make the network safer.
Employees need to be across ‘best practice’ when it comes to data security. Train your staff on how to use their devices safely, how to avoid traps set by scammers, and what they should do if their device is lost or stolen.
Require Use of the Company VPN
The best way to protect company data from interception by other network users is to encrypt it, using a company VPN.
A virtual private network (VPN) ensures end-to-end security, even over unsecured networks, where all data is encrypted and protected from other users.
Put Reasonable Restrictions on Devices and Operating Systems
BYOD is cost efficient for businesses as it eliminates the need to purchase any new hardware for employees. While this may be the case, employers should put restrictions in place regarding the age of devices and operating systems
Not only are old operating systems extremely slow, but they are most likely to be incompatible with new software, and more vulnerable to security risks.
Enact a Strong Password Policy
Passwords are the first line of defence when your device falls into the wrong hands. Despite years of being told we should have strong and unique passwords, people are still using predictable patterns to secure access to confidential personal and business information.
Easily guessed passwords are a major source of breaches, so enacting a strong password policy is vital in ensuring data stays protected.
Demand Device Encryption
Proactive encryption measures are required in organisations that enable employees to use the same device for non-work and work-related purposes to remove business risk.
Encryption provides one of the most robust defences against security breaches between different networks and should be implemented across all BYOD devices.
Prepare for Departing Employees
Traditionally, when an employee leaves the company, the data and information remains with the company, where the employee will no longer have access once they have left.
Unfortunately in a BYOD environment, employees do not hand over their devices when they leave. Instead businesses need to prepare and run through a series of procedures for cutting off employees’ access to the company network, business email accounts and other company programs and files which they can access from their personal device.
Set Parameters for Data Access
BYOD is definitely one area where information should be treated on a ‘need to know’ basis. Before rolling out your BYOD policy, decide who in your business needs to access company files and applications, what information they should be allowed to access and from what devices.
The more information an employee has access to, the more data a thief or finder of a lost device can wreak havoc with. So segregating data where necessary, making use of encryption technology and implementing procedures that enable data to be wiped out remotely are all crucial in safeguarding company data.
While there are security risks associated with BYOD practices, most employees are going to use their own devices for business purposes whether you like it or not. The key to an effective BYOD strategy is to educate employees and enforce policies and procedures to safeguard company data. When implemented correctly, BYOD can increase productivity, boost employee morale and cut costs.