As the bring your own device (BYOD) to work trend grows among employees, experts are advising that businesses must have policies and procedures in place or risk data loss.
Despite the benefits BYOD offers businesses and employees, which include lower costs and employee satisfaction, a number of hazards need to be addressed, says Protiviti’s IT consultant Ewen Ferguson.
“A key issue is the raft of devices available with their own operating systems. When a device connects to your network you don’t know what it will be or how it will behave,” Ferguson said.
Ferguson warns that if employees are downloading potentially unsafe applications to their own devices, your company’s data is at risk, whether it be client and personal contact information or email lists and directories.
“If information is lost or stolen, even with a minor data breach, it can cost your business literally hundreds of thousands of dollars to fix. Not to mention the potential reputation damage as the media is quick to pick up on this type of story,” he added.
Businesses that plan to continue down the BYOD path must enforce and monitor clear policies that impact all employees within the workplace.
“Make it clear and easy for employees to know when, why and how they can access data to ensure everyone is on the same page about BYOD usage boundaries,” Ferguson advised.
Setting up devices with geo-location technology and password protection, as well as working to separate personal and corporate data, are other strategies that will help lower the risk of data loss.
Ferguson also has the following tips to mitigate the risks of data loss for businesses that support and encourage BYOD in their workforce:
1) Assess: Assess the risks to your organisation and consider what you are trying to protect against, as well as how your employees might use their own devices.
2) Introduce rules and regulations: Introduce and enforce a simple and understandable BYOD policy. For example, are specific devices permitted? Who will own and pay for the devices and plans? What apps are allowed and banned? What kind of IT support and resources are provided for broken devices? Will you loan employees a replacement device while their device is being serviced?
3) Responsibility: Clearly establish who owns what apps and data. For example, if you wipe a lost or stolen phone, will your organisation replace personal music, apps or pictures (paid by the employee) if these items are erased?
4) Security: Ensure that each device is protected with a strong, lengthy alphanumeric password (not a simple 4-digit numerical PIN) and set up each device to wipe itself after ten incorrect password attempts.
5) Smart technology: Consider adopting technology such as mobile device management, which can segregate personal and corporate data and provide stronger controls over the corporate data. However, with all technology solutions, ensure that the cost does not outweigh the benefits that the solution brings.
6) Employee departure policy: Establish an employee exit procedure. Consider the steps for when employees with devices on your BYOD platform leave the company. For example, how will you enforce the wiping of access tokens, e-mail access, data and other proprietary applications and information? How will you protect personal information prior to this wipe?