Bring Your Own Device (BYOD) policies are popular at many businesses.
Employees are often much happier if they have the choice to use their personal phones and tablets on the company network. However, there are of course risks to this approach, so it’s vital that pros and cons are weighed and procedures put in place if this becomes your chosen route.
Implementing a BYOD policy presents several advantages to the business:
- It saves money. Employees who provide their own devices may not need a company-issued one.
- Employees are already familiar with the device. They won’t need as much training. They can use applications that they’re familiar with.
- Using their personal devices helps employees to be available wherever they are. They won’t want to carry a second device with them everywhere. Even Secretary of State Clinton wasn’t thrilled with the prospect.
- A BYOD policy is attractive to job applicants, offering them more flexibility in how and where they’ll be able to work.
- The IT department doesn’t have to maintain BYOD devices, so it can focus more on other tasks.
At the same time, there are definite risks in literally leaving people to their own devices. Employers can’t take a completely hands-off approach but have to establish policies that will keep the risk down without driving everyone away.
In all likelihood, personal devices will have poor security measures in place, creating several risks:
- Owners may not have encrypted their devices, and they may lock them with weak passwords or not at all. If they’re stolen, the thief could pull confidential information from them.
- People are often careless about the apps they download and install. This increases the chance of a malware or spyware infestation, which could steal information or send spam through the company network.
- Use of Wi-Fi hotspots can be risky. Public ones usually carry information over the air without any encryption, so it’s easy for anyone nearby to intercept information.
- Devices with old software could have vulnerabilities that criminals know about and take advantage of. Some people neglect to update their devices or don’t like the new features. Older devices may not accept the newest OS version, either.
Other concerns also play a part:
- The variety of devices, operating systems, and applications that employees use could cause compatibility issues.
- Employees may worry that the company is spying on their device usage, especially if they’re required to install any software.
- When employees leave, they may continue to hold company information on their phones and tablets. This extends the security risk to people who are out of the company’s reach.
Reducing Risks and Maximizing Benefits
A completely unrestricted BYOD policy carries heavy risks. One that’s too restrictive will discourage people from taking advantage of it. With some intelligent decisions, though, a policy can significantly reduce the dangers while giving people the freedom of using their personal devices.
- Require use of the company VPN. A virtual private network ensures end-to-end security, even over an insecure link. It reduces the chances of impersonation.
- Put reasonable restrictions on devices and operating systems. Don’t allow very old versions of the operating system.
- Enact a strong password policy. Easily guessed passwords are a major source of breaches.
- Demand device encryption. If employees work with certain kinds of confidential data, this is a legal requirement. It’s a good idea in general, though it might meet more resistance than some of the other protections.
- Declare some kinds of data off-limits. If encryption isn’t an option, a strict policy against having data such as Social Security numbers and credit card information on personal devices increases safety and reduces employer liability.
- Educate employees about safe usage. Let them use their personal devices only after they’ve taken a course on avoiding risks. Human error is the cause of most security breaches, and the more people know about the mistakes to avoid, the safer the network will be.
For some organizations, a BYOD policy is too big a risk. For many, though, it can improve employee satisfaction and productivity while keeping data safe. It’s all a matter of setting the right policies and following through with them.