ring your own device (BYOD) platforms are becoming ever more popular as individuals incorporate a variety of personal devices into their work environments. The integration of these devices into the business world provides a number of advantages such as increased mobility, efficiency, and accessibility to employees. However, these benefits are accompanied by elevated security risks and blurred lines regarding data ownership and legal responsibilities. Members of your organization are likely using BYOD platforms daily and it’s pertinent these users are educated regarding security best practices and your company’s BYOD policies.
What is BYOD?
Bring your own device (BYOD) refers to the use of an employee’s personal device for work purposes. BYOD devices can include laptops, smartphones, tablets, USB drives, and other mobile technology that can be used to access your business’s network and data from a variety of locations. Staff productivity and morale have been shown to increase when employees are permitted to use their personal devices for work-related tasks. Naturally, individuals tend to be more familiar with the equipment they own. And in addition, your business can cut costs on hardware and software purchases necessary without the use of BYOD platforms.
The International Data Corporation (IDC) predicts approximately two billion smartphones will be shipped across the globe by 2019 and up to 60 percent of these devices will be utilized in a BYOD atmosphere. The amplified use of BYOD platforms to access, save, and share important information is likely inevitable. If an outside device is capable of accessing your company’s data or network, a BYOD agreement should be in place to reduce security risks while enabling employees to have the resources they need to do their jobs well.
What should be included in a BYOD policy?
A BYOD policy agreement should cover standard protocol for issues concerning employee access to company email, contacts, calendars, and additional applications that could potentially endanger your network security. Champion Solutions Group surveyed 447 IT authority figures from an assortment of sectors and found less than half of the polled businesses had an established BYOD policy.
The exponential rise in the use of employee personal devices for daily operations can result in an increasing number of unsecured endpoints and unapproved practices. However, these security risks can be remedied by requiring employees to read and sign a BYOD policy agreement before connecting their device to your company’s network. The following elements should be implemented within your business’s BYOD policy to protect against a security compromise or employee conflicts.
1) Permitted devices/applications and support policies
A list of the approved or prohibited devices should be included in the BYOD policy agreement and your employees should be informed as to which devices will be supported by your business’s IT department. In addition, they should be aware of the application configurations and provisions necessary prior to accessing your organization’s network with their device. The policy should specify which applications are not allowed to be used on the BYOD equipment and provide a detailed explanation of the types of issues supported by your IT department.
2) Security and acceptable use policies
Permitting the connection of BYOD technology to your organization’s network can open a door to numerous questions regarding the acceptable use of an employee’s personal device. These questions may include policies concerning social media posts, browsing inappropriate websites, sharing objectionable content, or simply engaging in non-work related activities.
Your business should specify which activities are permissible and inform your employees of the sanctions and monitoring strategies in place. In addition, the BYOD policy agreement should include strict security protocols for employees to follow. Complex password implementation, idle lock time settings, and policies for lost or stolen devices are just a few examples of these procedures. Your business executives and internal departments should collaborate to determine what actions should be taken to protect your network.
3) Data/application ownership and employee exit protocols
The BYOD policy agreement should be especially clear as to who legally owns the applications and data on the employee’s device. Your business owns the personal information saved on the servers your employees’ access with their devices. If technology is lost or stolen, your business should have an established policy allowing for the equipment to be wiped of all data content.
Often, employees store personal photos, information, and purchased applications on their BYOD technology and it’s pertinent that your company have the legal permissions to delete potentially compromised content without dispute. It’s also vital to consider what will happen when an employee who uses a device on a BYOD platform leaves your company. If your business policies require for the device to be wiped of content, be sure to have a strategy for backing up the individual’s personal information.
4) Liability/risks and cost
Your company must delineate between the responsibilities of the employee and your organization where it concerns data liability and risks. If the employee is to be personally responsible for all service costs, data backup, hardware/software malfunctions, etc., these terms should be evident in the BYOD policy agreement.
What upcoming BYOD challenges will businesses face in 2016?
Technology is continuously evolving which requires your business to proactively address the security, liability, and acceptable use concerns that accompany these developments. As 2016 continues, your business may be required to manage innovative technology such as smartwatches, virtual reality gear, and even products like the Amazon Echo as they gain traction within workplace environments. Such devices are endlessly collecting data and when connected to your company’s private network, could pose risks the IT industry has yet to fully understand. It’s necessary your business consider not only the security of the information stored on such devices but the type of information you’re working to protect.
At Aldridge, we specialize in data security and can help your business develop a strategy to effectively manage your BYOD platforms. Learn more about how our mobile device management services can help protect your network.