Trends towards flexible working and the proliferation of personal devices has seen an increase towards the adoption, in part or whole, of Bring Your Own Device (BYOD) policies. A report by Gartner from back 2013 predicted that BYOD would be implemented across 50% of organisations by 2017. It’s a figure already surpassed, with over 70% uptake in the policy.
And while there are some significant advantages to BYOD, particularly around managing costs and increasing productivity in a flexible work environment, the move also comes with some very real risks attached. They’re not insurmountable risks and not especially a reason to abandon any BYOD policy. But these risks can open the business up to significant problems if you’re not aware of them and have contingencies in place to overcome the dangers.
Data leakage is a major concern, not only for IT managers, but for business leaders in general. Loss of data or a breach in its integrity can have some serious implications on the business. And when you let company data be accessed from personal devices, you’re opening the business up to potential new data loss risks.
If a staff member loses a mobile device that’s been used for work purposes then any data on the device is at risk. Company-owned devices will have likely had necessary security measures installed to ensure that risk has been minimised in the case of a lost or stolen device. Staff owned devices may not have the same levels of security.
Can a policy of monitoring be introduced to your operation allowing the IT department inspections of personal devices to check their suitability for work?
Data Misuse / Abuse
BYOD can also bring with it increased possibilities for data abuse, if not monitored sufficiently.
What happens when an employee leaves the business?
If they have sensitive business data remaining on their device, there’s a real danger of that data being passed on – either accidentally (selling or upgrading a device, perhaps) or deliberately (if moving to a competitor, for example).
It’s a reason to implement acceptable use policies for mobile devices in the workplace (including remote work) with a clear understanding of the legal sanctions in place should there be a violation. Alternatively you could introduce barriers to what material is accessible remotely or even have a remote wiping facility that can remove data from a device remotely.
Company-owned devices will (or should) be routinely checked to ensure that up-to-date security measures are in place. With the latest anti-virus software and security patches in place.
Understanding that individual devices may have inadequate security measures in place – making them vulnerable to attack – can help abate the risk. Introducing a fit-for-work policy on devices, ensuring through inspection that devices are robustly protected before being allowed on the network, can help reduce such vulnerabilities.
When a company implements a BYOD policy, you need to have a clear understanding why it’s being introduced at the outset.
Are you, for example, allowing personal devices because, as everyone has them, stopping it was becoming impractical?
Without understanding the how’s and why’s of BYOD usage at work, you can put a strain on your IT infrastructure not necessarily set-up for the new devices. For instance, a device used for work alongside personal reasons can potentially cause bandwidth issues that can slow operations in the office.
There are a number of compelling reasons you may wish to introduce BYOD into the business. But understanding why it works for you, while being aware of associated risks, will help you implement in a positive, productive and safe fashion.