Five ways to embrace the BYOD boom without risking your information

With companies encouraging employees to use their own devices at work, it's more important than ever to consider potential security liabilities

11Mar

Employees on the Walmart sales floor are responsible for managing inventory, checking prices, reviewing sales data, scanning products and many other responsibilities that require access to the internet and application-specific software. This past fall, the retail giant announced it was providing its team members with a new tool to make their jobs easier: Their personal cellphones.

Walmart's 'bring your own device' (BYOD) program is a reversal of a previous policy that banned cellphones at work. The program allows employees to perform work-related tasks with their own devices in exchange for a discount on cellphone bills.

The announcement makes Walmart one of a growing number of companies that have implemented a BYOD policy to keep pace as the nature of work evolves thanks to the IoT.

The disappearing divide between work and life

Make no mistake, the IoT boom is only getting started. Over the past five years, the number of new devices connecting to the internet has increased by about 3 billion each year, according to Statista, making for relatively modest annual g

rowth. That number is set to balloon as we enter the next decade as research firm IHS Markit predicts the number of connected devices will reach 30.7 billion in 2020 and 7 5.4 billion by 2025.

The soon-to-be ubiquitous nature of the IoT has important implications for business leaders — and not simply because of the opportunities it creates. An influx of connected devices on the consumer side means your employees will expect to have access to the internet (and to their own personal data) from anywhere, including the workplace. The separation between personal data and company data will all but disappear, with employees using the same devices to access both.

Implementing a BYOD policy will become a necessity for companies looking to remain competitive in securing and retaining top talent. It will also matter for companies increasing their reliance on full-time remote workers, freelancers or off-site employees.

But such a policy is not without risk. Lost or stolen devices pose a significant security threat, as 40% of company data breaches occur after a device has been lost or stolen. Perhaps more concerning, half of all companies that have a BYOD program in place are ultimately breached via employee-owned devices.

Minimize risk and optimize BYOD policies

Luckily, there are ways employers can mitigate risk and still enjoy a boost in employee productivity and engagement — and a reduction in costs — that this type of policy provides. Here are five steps to begin implementing your own BYOD policies.

Take security seriously

There are many ways you can integrate mobile device security into other IT solutions: Use companywide anti-malware software that includes a mobile version, combine mobile device monitoring with your 24/7 network monitoring solution, ensure your data backup solution works with mobile devices and configure your intrusion detection system to notify admins whenever an unrecognized mobile device tries to connect to your network.

Regardless of which security measures you choose to implement, it's imperative that you take BYOD security seriously. Employee devices represent the most likely attack vector for hackers and cybercriminals who want to disrupt your business.

Tap into mobile device management (MDM)

MDM solutions can balance out privacy for team members and data control for employers. The software simplifies the process of deploying, securing and connecting devices to internal documents, allowing businesses to manage employee devices from a single dashboard.

The inventory management features of MDM software are incredibly useful, providing real-time information on employee devices and their security statuses. The software also allows employers to set up remote wiping capabilities, always-on encryption and stringent PIN requirements, all of which are required by regulations such as HIPAA and the Sarbanes-Oxley anti-fraud law.

Monitor for security

Many organizations think MDM is something you can set up initially and then allow it to work its magic. Not so much. You need to continually monitor company data and applications to verify that everything is secure. That monitoring process should also check that employees' off-hours habits don't jeopardize any company data.

For instance, it's a good idea to set up your MDM software to prevent users from downloading unverified apps or email attachments that could endanger their devices. Here's a quick tip: A platform like Microsoft's Enterprise Mobility + Security can make it effortless to manage your company's BYOD program.

Train your employees and conduct routine audits

Employees don't go out of their way to make risky decisions. They just fail to understand the implications of their actions, which could affect their employment and even the overall health of the organization.

Go out of your way to monitor and review the records of every device your team uses. While a smartphone might have been perfectly safe when one of your employees first purchased it, that same device could be a tremendous liability only a few months later. Provide routine training sessions as necessary, with a goal of keeping your team members updated on BYOD policies to eliminate as many unsafe practices as possible.

Encrypt your data

A shocking 76% of companies do not encrypt mobile devices. It's worth emphasizing that a BYOD program takes data beyond the control of many other enterprise security measures, meaning organizations must encrypt sensitive data at rest and in transit. Encryption ensures that the contents of sensitive files are protected even in a worst-case scenario such as a stolen device or traffic being intercepted over an insecure network.

If you're feeling overwhelmed when thinking about BYOD security or you believe your company is vulnerable, consult an experienced cloud security provider. The right provider will help you map out a comprehensive security system — including backup and disaster plans — that will put your mind at ease.

Tackling multi channel retail in 2019 small

Read next:

Tackling multi-channel retail in 2019

i