In our earlier post about the advent of BYOD, we looked at the benefits provided by mobility in the workplace: increased productivity and efficiency, and better recruiting and retention rates. Following up on that piece is a look at the security concerns that surround BYOD implementation. Without proper security measures in place, the risks of BYOD could outweigh its benefits. Do you know if your company is secure?
Sixty-eight percent of IT professionals say that their company has a BYOD policy in place and another 20% report that they are in the process of developing one. However, 74% of businesses polled by Deloitte feel that the increased use of smartphones and tablets in the workplace creates a security vulnerability – and they’d be right. “Organizations are easily exposed to new and more complex threats from stolen, lost or destroyed data, malware and other attacks if the device is not securely used and protected,” says the CEO of the Information Security Forum, Michael de Crespigny.
According to Forbes, the three most common BYOD security concerns for businesses are as follows:
- The range of device makes and models makes it difficult for IT to regulate them. With only 19% of corporations buying and owning the BYOD devices employees use, having uniform security protocols in place is challenging given that employees use a wide variety of devices – iPads, BlackBerry phones, Android tablets, etc.
- There is a lack of encryption of company data. IT security company ESET found that about two thirds of devices do not encrypt company data, leaving sensitive information like customer financial data exposed.
- Devices are often beyond the reach of firewalls. If used at home on a personal Wi-Fi connection or at work on a 3G or 4G network as opposed to a secure corporate Wi-Fi connection, devices are susceptible to malware. What’s more, devices used on unsecured connections risk putting the company out of compliance with data privacy laws.
What can businesses do to limit their risk exposure? Educate employees on security policies and risks. Only 47% of employees are being trained on BYOD security best practices, leaving a large number of staff unaware of the cyber threats surrounding the use of their personal devices for work.
Mobile device management (MDM) software must also be included in BYOD implementation. MDM programs allow IT to configure network entry settings and decide to what extent individual users have access to company data. In addition, MDM solutions from reputable companies like AirWatch allow IT to remotely wipe corporate data from a device while leaving personal data intact if an employee leaves the company, loses his or her device, or is terminated.
“In the beginning, we had a lot of push-back,” says Anthony Peters, Director of IT at Burr Pilger Mayer Inc., describing when he implemented BYOD security measures at the San Francisco-based accounting and consulting firm. “[Users worried there would be] too much Big Brother and we’d be too involved in their personal lives. We talked to senior management, HR and legal from the start, spending significant time with individuals, showing them how [BYOD security policies] would work. That was really helpful in policy design.”
BYOD is a balancing act. The benefits of having an effective policy in place can be significant, but proper security measures must accompany it to reduce your company’s risk exposure.
Check out our Twitter page and let us know what your company does to minimize its security risk associated with BYOD.