Over the past couple of years there’s been a trend among many SMBs in the UK to move towards a Bring Your Own Device (BYOD) culture. Essentially, a work environment in which employees use their personally-owned devices to carry out functions within their job roles. As consumer technology in the form of smart phones, tablets and other emerging mobile devices gets more sophisticated and powerful, so comes additional demand from employees to utilise them in their work.
The Concerns over Security
However, there’s one overriding issue that remains a major concern with the wholesale adoption of a bring-your-own-device culture – namely, security.
Internet security is a very real concern. The threat of cyber-attacks, data theft, DDoS and hacking incidents has never been higher, with SMBs ever more attuned to the costs attached to such incidents. In a BYOD environment, these concerns can be amplified, given the system’s exposure to a more eclectic range of devices and a perceived lack of central control.
As the global business community views a cyber-attack as a near inevitability, your owned-device security strategy would be best served from a ‘when’ not ‘if’ standpoint. So, in order to alleviate some of these security concerns, businesses should put into place a number of peace of mind processes.
Encryption has been a security measure for centuries in one way or another, and remains an effective solution in the digital age. Hiding the data behind an encryption cipher brings an added layer of security to a BYOD culture. Should an employee’s device fall into the wrong hands, or maybe be sold on after an upgrade without sufficient wiping of data, then the data will be unreadable without the encryption key.
Put an Effective Mobile Device Policy in Place
It’s advisable to consider exactly what information can and cannot be accessed by individually owned devices. UK Government guidelines on BYOD policy suggest designing your network to ensure staff-owned devices can only access information you’re willing to share. This can be underpinned by having staff sign up to a policy clarifying responsibilities, obligations and potential sanctions if breached.
Protection against malware and viruses
Again, if you allow personal devices to be used in work, then it’s imperative that your IT support has access to them for the overall security of the business. Any device used needs to be assessed to ensure it is fit for purpose and any required anti-virus software or firewalls should be installed, with regular inspections carried out.
Regulate Messenger Usage
52% of data leakage incidents are from internal sources in a business, with instant messenger services a notable weak-spot. By regulating the use of services such as Skype, Facebook and others that offer file transference facilities, it may help reduce the risk of sensitive data falling into the wrong hands.
Control Sensitive Data from Remote Locations
Putting measures in place to control what can be accessed when working remotely can add protection to sensitive data. This might come in the form of company policies which outline what can be accessed on less secure public networks, or multi-level identifiers to gain access to the network. A password plus secondary authentication adds another barrier should a device fall into unscrupulous hands.
A BYOD culture can bring a number of key benefits from cost-effectiveness, productivity and employee satisfaction. However, allowing privately owned devices access to your network, can expose your company to very real security risks – risks which must be addressed to protect the integrity of your data, and the safety, bottom-line and reputation of your business.