BYOD and Data Breaches: Is Your Company Taking the Proper Measures?
With the expansion of technology, more businesses are able to hire international employees or offer remote work flexibilities. As a result, more individuals are finding themselves using personal laptops and other devices for official work purposes. This arrangement not only saves businesses the cost of issuing company laptops, tablets, and mobile phones, but it also saves employees the hassle of carrying two separate devices for work and personal use.
A survey by Ovum revealed that in 2013, 56.8% of employees accessed company data from personal devices, a number that jumped to 69.2% just one year later. Typically, employees use personal devices to check and answer emails, access files, and network with colleagues and clients via phone. While bringing your own device (BYOD) to work may be a convenient practice for companies, there are several risks businesses must consider including exposing company information, trade secrets, intellectual property, client or personnel data, confidential financial data, legal information, business strategies, and more.
For Dell, this is a concern became a reality when they announced that half of their customers with BYOD policies have suffered a breach in data security. Many companies have adopted BYOD security policies to prevent similar information leaks. Furthermore, other companies have turned to BYOD consultants to implement new security policies. However, an influx of these policies can leave employees feeling "“ correctly or not "“ that their personal privacy has been violated.
What's the solution?
When designing your company's BYOD policy, it is crucial to consider your company's needs and potential issues. Taking proactive action can save your business time and money as well as keep employees from unwillingly causing embarrassing or even devastating security leaks.
1. Set a limit
Limit the types and models of devices employees can use in a BYOD program. This simplifies BYOD program implementation significantly for IT departments, and makes it easier to implement and ensure security protocols.
2. Increase internal security
Restrict the number of employees with access to sensitive data. Improve passwords, means of authentication, and data encryption
3. Create authorization procedures for downloads.
Make sure employees know to consult IT before downloading anything that could be questionable (and clearly define what "questionable" means to you). They'll still be able to use their favorite games and photo sharing platforms, but unknown apps will need to be approved first.
4. Develop policy for specific situations.
Set up a remote lock or wipe feature for lost or stolen devices. Have a plan in place for dealing with data on devices of individuals who leave the company, for whatever reason. Consider creating a secure platform for opening emails and attachments. Decide if and how you want to restrict printing documents from personal devices.
5. Inform employees of the changes.
Communicate to employees that their personal photos, texts, emails, and web activity will not be monitored or tracked by the company, as long as they are not using company accounts or servers. Avoid cutting off access to things like social media or video channels. This will make employees resentful and suspicious of "Big Brother." Instead, set fair policies for personal device use during work hours.
6. Comply with the law
Check federal and state laws regarding employee privacy and BYOD policies. Laws are changing rapidly due to emerging technologies, especially with regard to personal passwords and social media. Confirm that your new policies are compliant with any recent legal changes.
BYOD programs can save companies money, but they can also be a big investment. Crunch the numbers, and decide if it's more cost-effective for you to implement a BYOD policy or issue company devices. It may be that you want to use a mix of both, either due to security stratification or to see which works better. Companies should aim to create positive changes to make current technology work for everyone. A well thought out BYOD policy makes that possible.