Home Security BYOD (Bring Your Own Device) Model Remains a Big Question

BYOD (Bring Your Own Device) Model Remains a Big Question

BYOD woman working on her laptop

Even as some businesses are adopting the Bring Your Own Device (BYOD) model in work places, you may also be thinking on whether to join the bandwagon by allowing employees to bring devices like smartphones, tablets and wearables to the office. You may need to rethink this again – at least from security point of view.

If workers are able to connect their devices to the office network, physically or remotely, it pose a risk to your business network if their devices are infected by malware and viruses. There is also a potential threat to your company’s data security as when workers open company emails or download clients’ data onto their devices, that data could easily be misused by them or accessed by outsiders who are after crucial business data. Additionally, you face the risk of being liable for exposing your customer data if employees either intentionally or unintentionally wiped their personal data.

There have been reports of some companies being sued for such data leaks and inversely some firms have been ordered to compensate their employees for wiping off their personal data inadvertently while formatting their laptops during security checks.

Implement a BYOD policy

Whether you have drafted a BYOD policy or not, there is already an unwritten conduct code in place. Unless you are using physical means to bar staff from plugging their personal devices into your company’s network or from connecting to your email server, they are probably doing so by now.

In April 2014, Gartner researchers conducted a study and asked workers questions like, “Does your employer know that you are using personal device(s) for your work?” The interesting fact is that 19% of them replied, “I don’t know whether my employer is aware of it,” and 7% said “No – my employer is totally unaware.”

As evident from the study, you should have a formal BYOD plan which allows physical controls to either permit or restrict workers to connect to the company’s network with personal devices.

BYOD security: Man with iPhone

In order to make sure you come up with the right BYOD policy, you should decide properly who in your firm really needs access to what things. Different levels of workers will be having different needs, so you should consider a tiered-level access system. Some of them may need hourly access, while some may need just access to emails. Workers who need to check just emails could simply click on a link that lets them read email via a web portal, and that can be done with some security PIN.

However, note that this sort of restricted access can put the company in vulnerable position if your employee were required to also download attachments, as it would be visible to anyone who accesses the gadget. Now, if you decide to use only a PIN option to permit personal devices to access emails, you should be putting a controlled security policy in place which will prevent your workers from downloading email attachments to their personal devices.

For workers who may require to download and open email attachments, use company applications or even access company’s documents on their devices, you could introduce a company-wide policy that makes use of a containerized application, or maybe a secure workspace system, such as the AirWatch or the Dell Mobile Workspace.

BYOD: office worker with a tablet

With these security system controls installed, employees would be required to download the secured workspace app on their mobile devices, thereby ensuring all company business data goes through a secured containerized portion and then on to their personal gadgets. Your mobile admin would now be capable of tracking down what documents and applications on the company’s network are being accessed and they will be able to wipe off the containerized portion as and when an employee leaves the office or when the mobile device is lost or stolen.

Although BYOD model continues to grow in corporate offices, if you are thinking that it will save your firm more money, you could expect big surprises. A study conducted by Gartner in May 2014 found that most companies were spending more money as they have to pay for putting up a robust security programs to check data theft and so forth.

Here’s a useful infographic from Symantec to help you create your own BYOD policy (click to open a large version in a new tab):

Creating a successfull BYOD policy infographic small

How to manage security risks involving BYOD

So if you are positive about workers bringing their gadgets along to perform their daily tasks, you should think about developing a strong and healthy BYOD policy. Here’s some tips that will help you along the way:

1. You are responsible, not your workers

Employers must not rely on workers to protect or secure corporate data on mobile devices. It is known fact that employees routinely disregard and ignore company’s policy, and so employers are required to build a strong mobile device management controlling system by hiring data security firm.

2. Workers should sign BYOD policy agreement

Many corporate BYOD policies allow the entire mobile gadget, which includes personal info and photos that are not yet backed up, to be wiped off remotely by the company systems admins. Even though some businesses say they will not delete personal data, they often accidentally could. So, it is a must to clearly state what data could be wiped off.

3. Workers should backup their personal data

It should be made known to the employees that a remote device wipes can happen accidentally. As such, they should be made aware of the need to regularly back up their gadgets so they are able to recover personal data.

4. Workers must follow healthy cybersecurity regime while using mobile devices:

– Devices must at all times be password-protected.

– It is important to note that “shoulder surfers” can easily capture simple passwords. You should be careful just as when you are using an ATM – make sure you and your staff cover the keypad of your devices while entering passwords.

– One must keep devices up-to-date with the latest security updates.

Watch this short video overview of BYOD solution from HP which may help your business:

Final thoughts

So what do you think, is BYOD model good for a company or only for staff? Share your opinion in comments below.

Meanwhile, here’s infographics to check out before making a final decision about BYOD:

Benefits of BYOD

Benefits of BYOD by the numbers infographic

Threats of BYOD

Threats of BYOD infographic