What You Need to Know Before Your Company Adopts BYOD
What You Need to Know Before Your Company Adopts BYOD
The bring your own device (BYOD) movement continues to gain momentum, and is redefining the workplace. Organizations of every size in almost every industry now allow – if not actively encourage – employees to bring their own personal device (laptop, tablet, smartphone or USB drive) to the job for work purposes.
Although BYOD offers companies considerable advantages – such as a more flexible/mobile workforce, increased productivity and less expense on outfitting employees with hardware – there are significant security risks that can leave companies vulnerable to data theft and other cybercrimes. Before your company goes BYOD, be sure you take the necessary risk mitigation measures.
Considering the number of companies joining the movement, these statistics compiled by Insight put the importance of security into perspective:
• 59% of organizations allow employees to use their own devices for work purposes; another 13% had planned to allow use within a year (Tech Pro Research).
• 87% of companies rely on their employees using personal devices to access business apps (Syntonic).
• As of 2016, six out of 10 companies had a BYOD-friendly policy in place (Syntonic).
Writing for intranet company Interact, Lisa Michaels notes that a successful policy needs to comprise a total “security culture” that consists of the following components: Policy, People and Technology. Without all three working together, BYOD policy risks failure through non-compliance.
Policy – establishing rules and regulations
Employees need a detailed, yet easy-to-understand policy regarding BYOD rules.
A basic set of rules should include the following:
• Passwords – State the importance of using strong passwords for apps, and install a password manager to make passwords easier to use and handle. Combining password management with remote wipe/lock protection will provide an even stronger security measure.
• Lost or stolen device – Steps employee needs to do to report it, and what company will do to protect its data. For example, once the loss of the device is reported, the company will immediately remotely wipe the device. Employees need to understand that even if the device is recovered, all data – including their personal data – is gone forever (for all practical purposes).
• Limit the use of apps – According to Sam Imandoust, Esq., legal analyst for the Identity Theft Resource Center, apps can provide an open door to malware installation and data breaches.
• Installation of up-to-date security software on all devices.
• Regular back-up of all locally-stored data on a regular basis – With the afore-mentioned procedure for remotely wiping lost or stolen devices.
• Restrict the use of jailbroken or rooted devices on your corporate network – Michaels notes that while these devices may have increased functionality, they’re also more exposed to security threats. This is due to the fact that they’ve been modified to bypass standard protections offered by the mobile operating system.
• Only connect to a secure Wi-Fi network – Unsecure networks leave devices vulnerable to hacking and other types of attacks. Because employees may need to use their device in a location with public Wi-Fi, Michaels recommends companies deploy a secure virtual private network (VPN) to keep data safe from interception.
• People – the importance of employee training and commitment
A comprehensive policy won’t protect your company’s data if employees ignore it. To ensure employee buy-in and commitment, go beyond the initial kick-off meeting/training session to create a culture of compliance. Conduct ongoing education sessions about recognizing and avoiding online scams, sketchy websites or downloading random apps. Training could include webinars, videos, quizzes or – yes – PowerPoint presentations. Bulletins alerting employees to a specific threat can also be emailed and/or announced on the company intranet.
Technology – staying ahead of the cybercriminals
As security technology is constantly being updated, your IT department not only needs to stay current, but, as Michaels recommends, provide ongoing support for employee devices to ensure proper configuration and consistency among devices. As with the employee training component, continual involvement is key to keeping devices – and company data – safe.
Fortunately, overcoming the challenges of BYOD does not need to overwhelm your organization. DocuServe has the industry experience and solutions to protect company data in the BYOD work environment, keeping employees productive without risking data loss. Our eServe encryption solution provides content security in the cloud, mobile access, security at rest and in motion, encrypted data security, remote wipe and much more.
Contact us to learn how DocuServe can be the ideal solution for your company’s move to the brave new BYOD world.