Equipping offices with the latest technology is usually a costly affair that requires a lot of maintenance and investment. Many enterprises who were eager to find an effective solution found the BYOD policy. A bring your own device (BYOD) policy not only has the potential to save money but also gives employees an opportunity to combine their personal and work life in one device. Devices are equipped with the essential software for work but still remain useable for private use. Living in a technology-driven world means that people become easily accustomed to the latest technology they purchase and prefer to have the same ease-of-use at work. What turns out to be a cost-effective policy for executives and convenience for employees, is also a headache for the IT decision makers and security. So is BYOD worth it?
Among the advantages is flexibility. If a person needs to work away from the office, they can do without too much disruption. For many companies it saves on upgrading legacy technologies used in the office too, but comes with some concerns over security. Even though BYOD is designed for convenience and cost cutting, nothing should undermine security. Cases where data was compromised or where employees mistakenly or intentionally lost data is common and represent 24% of all data lost. Undoubtedly, supplying offices with technology costs money, but many see it as investing in more robust security.
Security issues may arise directly from the BYOD advantages - the fact that employees have a company's data on their own devices, creating a threat of its exposure as there can only be limited stipulation on how devices are used and what they are used for. Thus, before implementing the policy, data protection must include robust plans to deal with these potentially increased risks and processes need to be put into place incase of device loss. There needs to also be balance in actions taken as excessive monitoring of a personal device for work related purposes cannot impinge on the collection of personal data. There are 5 steps to help a BYOD policy avoid potential risks:
1) Make sure devices have the latest security software and malware protection and that there are frequent backups made to avoid disruption if the worst were to happen.
2) Access should be provided only to necessary data. Only give employees access to the data they need, both decreasing the risk of data loss and unsupervised access or manipulation.
3) Stay up to date with data regulations and laws, and the implications of breaching them.
4) Ensure employees are fully aware of the rules about using BYOD policy and agree to the terms and conditions before it is implemented.
5) Mobile apps and services such as Salesforce, Oracle, Google Docs, Zendesk and many others must be password-protected for every entry. If they are not, open applications become vulnerable and data can be easily retrieved at any time.