If your company encourages employees to “bring your own device” (BYOD) then that means employees will be using their personal devices to connect to your business’ network, assessing work-related systems and sensitive corporate data on their personal phones, tablets, or laptops.
For many employees, BYOD’s appeal is the freedom to use devices they’re comfortable with and the ease of having only one device. However, the drawbacks can potentially offset those savings if companies don’t take appropriate precautions. In contrast to the consistency of corporate-owned devices, BYOD programs tend to be burdensome to IT staff who must manage, troubleshoot, and secure a wide variety of devices.
The biggest concern with BYOD is security. When companies lack centralized control over the mobile devices employees use, it is much more difficult to enforce the security policies, software updates, and patches that keep company data safe. That’s critical because mobile phones, in particular, have become a popular target for phishing and other cybercrimes.
Malware infections, unauthorized access to sensitive company information, outdated operating systems, and lost devices – these are just a few of the vulnerabilities inherent in mobile devices and, as a result, in BYOD.
Here are four ways to ensure employee-owned devices drive productivity without compromising corporate data and security.
1. Be proactive and address potential BYOD security risks
Even when companies haven’t officially established a BYOD policy, they need to be aware that employees may choose to access or perform work on personal devices. Many employees now have more freedom over their day-to-day workflows, and most companies are more reliant on cloud-based applications that employees can easily access from any device
“Companies who choose to ignore the likely use of personal devices are ignoring what could be a serious security risk,” as noted in Digital Guardian.
Cybercriminals know that a growing amount of work is happening on mobile devices, whether employee- or employer-owned, and they have adapted their tactics accordingly. Attacks designed specifically for mobile devices are on the rise, leveraging emails, text messages, social media applications, and other channels.
2. Enhance BYOD security with a bulletproof policy
A fundamental purpose of a BYOD policy, as noted in TechTarget, is “defining the scope of control that the organization expects to maintain over employee-owned devices.” Such policies may focus on the devices, treating them as quasi-corporate assets because employees use them for company purposes. Alternatively, policies may focus on the company data that’s accessible via devices, an approach that would emphasize access controls and risk management.
The best policy, TechTarget suggests, is a happy medium between those two points.
In general, your BYOD policy should address factors such as:
- What are employees allowed to do with company resources on their personal devices? For example, a company might require employees to access company data and applications only under the protection of a Virtual Private Network.
- What are the baseline security protections that employee devices must have?
- What security protections will the company put in place?
- Are there non-company applications that might present a threat via the device, and will those be permitted?
Policies should also address situations such as device loss or theft. When employers use mobile device management (MDM) solutions for company-owned devices, it’s easy to remotely wipe a device to ensure no one can gain access. That safeguard gets more complicated when devices aren’t corporate-owned and may contain both personal and company data. However, it should also be noted that companies can add MDM to BYOD devices — but it must be the right MDM, one that can containerize data i.e., segregate personal and corporate data on personal devices which allows for increased data privacy, control, and security.
Similarly, policies should outline steps to be taken when employees quit or are terminated.
3. Educate employees about mobile device security and privacy
Educating employees about cybersecurity is essential whether companies use BYOD or not, but BYOD makes it even more critical. Multiple studies have shown that human error is a leading cause of data breaches, often through an action as simple as opening a fraudulent attachment.
Security and privacy are closely related, and transparency is vital. Even employees who love BYOD programs might have reservations about mixing work and personal applications, data, and contacts. When companies put tools in place to enforce access controls and gain visibility into employees’ activity, employees may wonder how much personal information their employer can see. They may also chafe under company controls governing what they can and can’t do on their devices.
For some companies, the easiest stance is to make it known that if employees choose to use their own devices for work, they give up any expectation of privacy. But most companies navigate this dilemma by addressing privacy within their BYOD policies and sharing those parameters with employees.
Clarity and communication help to ensure that employees’ privacy concerns don’t lead them to circumvent security policies (for example, by downloading unauthorized apps) or ignore best security practices, such as those governing strong passwords.
4. Choose an expert partner that specializes in mobile device management
Managed mobility providers offer their clients a host of services, from keeping carriers accountable and managing plan data to providing a single point of contact for troubleshooting. But one of the most important services they provide is strengthening security protections and ensuring employee compliance with corporate policies on mobile devices using MDM. Typically, MDM comes with increased demands on your IT team — who are already overworked as is. However, managed mobility providers will include MDM specialists who you can trust to handle MDM setup, migration, management, and more.
Furthermore, MDM applications can also support software configuration, employee onboarding, remote locking and wiping of lost or stolen devices, and other activities that help to keep devices secure.
When it comes to BYOD, companies should carefully consider the risks associated with allowing employees to use their own personal devices for work-related purposes. From security risks to the increased burden of complexity that IT support must handle, BYOD has many drawbacks that should not be taken lightly.
Of course, the debate between employee-owned and company-owned devices will be a continual topic of conversation largely because the answer may be a bit different for everyone. If you have questions about the best path forward for your company’s enterprise mobility management, then contact us to get answers and learn how we can help support your needs.