Security, trust and your business on the line
80% of employees are now utilising ‘Bring Your Own Device’ (BYOD) in the workplace according to a survey by MobileIron. This means that even if you have the latest in security across your network, unless you have a BYOD policy in place, 50% of the devices used within your business are out of your control.
Even if you don’t officially allow personal devices to be used for work purposes, an individual’s preference for a certain device means that employees are likely to attempt to work around this. This leaves your business open to a plethora of threats.
Sweep Those Threats Aside
When implemented and monitored correctly, BYOD can:
- Reduce capital expenditure for hardware
- Reduce support costs
- Increase employee satisfaction
Follow our quick guide and take back control.
Devices are unlikely to have the same antivirus and firewall protection as the computers in your office. This, coupled with the risk of loss or theft makes BYOD a volatile component of your business. If data is exposed to an unauthorised person, it is your company that will be fined, not the employee at fault. Are you leaving your business open to data-theft and hacking?
Solution: You should ensure that all devices are logged with you and that appropriate security software is installed on each one. Never allow a jail-broken or rooted device to access your network: ensure a ‘minimum device requirement’ is written into the BYOD policy. Check that your end-user is ‘tech-savvy’ enough to use the device safely: if not, provide training.
Ensure that all ‘apps’ used for business purposes are licenced and that all team members have a secure locking system on their phone. Are procedures in place should a device be lost or stolen? For instance, ‘apps’ are available that will delete data if the incorrect passcode is entered too many times or locate a lost or stolen device and remotely erase sensitive data.
Issue: Social Media Meltdown
It’s difficult to restrict access to social media on a team member’s personal device. After last week’s Silk Road revelations, you may also have concerns about employees utilising the ‘dark web’ for illegal purposes via their devices, putting your business and reputation on the line.
Solution: Put a Social Media Policy in place, outlining what is authorised on the device. Alternatively, set up a specific Wi-Fi network for devices to connect to that restricts access to certain websites during the hours of work. It is then possible to unblock certain websites for users who require access to perform their roles.
Issue: Mixing Business & Pleasure
Devices are likely to be used for both business and personal purposes. A device is likely to hold personal photos, emails, videos, text messages, emails and ‘apps’ which may be inappropriate or unlicensed, placing your company at risk. There is also the danger of emails being sent without appropriate legal disclaimers at the bottom.
Solution: Communication and education on the safe use of devices is crucial. Implement a BYOD policy stating exactly how business should be conducted on the device and make staff aware of particular issues surrounding the use of devices. Emphasise the need to keep company and personal data separate. Don’t forget to check that your HR and legal policies allow for the storage of personal and business data on the same hardware: they may need amending.
Just 30% of BYOD users trust their employer to keep their data private according to research by MobileIron. Mistrust mainly arises from confusion about what an employer can see on a device with the biggest worry being that employers are monitoring their text messages or photos.
Solution: Your BYOD policy should include details on exactly what the company has access to on each device. Unless an individual is conducting personal business via a company email account, you should not need to access their personal data. In fact you would need specific permission from the employee to do so, which can be revoked at any time.
The problem arises when a team member leaves your employment and you need to erase company data for security reasons. However, there are ‘apps’ available which allow you to isolate company data and erase it remotely without accessing personal files.
Who is paying for call and data costs for these devices? Ensure there is a transparent and user-friendly policy in place for claiming back appropriate expenses.
Need someone new to take on the challenge?
Do you need a new team member, perhaps to take on new project such as implementing a BYOD policy? Here at Langley James, we know how to find the most vibrant and talented IT professionals available. Whatever your requirements, permanent or contract, and up to the highest level of seniority, we can find you the ideal candidate. To discuss your IT recruitment needs please call us on 0207 099 4839 or email us at firstname.lastname@example.org.