Technology Risk Insights: Is a ‘Bring Your Own Device’ (BYOD) Approach Right for Your Company?

By | October 25, 2013

Technology Risk InsightsMore and more staff—especially the young, technologically-savvy—are no longer satisfied with company-issued tools to get the job done. Known as Bring Your Own Device (BYOD), businesses are finding that employees want to swap company equipment in favor of personally owned devices, such as laptops, tablets or smartphones, that they are more comfortable using.

This is largely a reversal from the past, when businesses were generally the first to adopt cutting-edge technology, and consumers followed. Now, a 2011 study by the Aberdeen Group found 75 percent of 415 surveyed organizations allow employees to use their own devices for business purposes. Consumerization of Information Technology, another name for BYOD, is all part of the increasing influence of consumer technology in the workplace. To determine if a BYOD approach is right for your company, first familiarize yourself with the advantages and risks of BYOD.

BYOD Advantages

BYOD can be a money-saver for companies, reducing the amount spent on hardware and software purchases, maintenance and the cost of training employees to use the equipment. Especially for rapidly expanding companies, allowing personally owned devices could save them thousands of dollars in up-front IT hardware costs for new employees. With BYOD, employees buy and maintain their own equipment. Companies can choose to compensate them by subsidizing or reimbursing their purchases, or offering flexible work schedules and the ability to work remotely.

In addition to saving money, BYOD can be effective for recruiting and retaining staff. With the freedom to choose the technology they are most comfortable with, employees are more productive and satisfied with their jobs.

BYOD Risks

While BYOD saves some companies money, others could end up spending a lot more. Businesses that require the standardization of their applications, hardware and operating systems—meaning that some equipment must be integrated with others—could actually increase IT management costs if personally owned devices were added to the mix.

Adopting BYOD exposes companies to two major risks:  IT security risks and data loss. This alone may be enough to compel a company to ban BYOD altogether. Are these risks worth the benefits?

  • Risks to Network Security

Personally owned devices usually don’t have the same bulletproof security technology that your company computers have. One risk is authentication, which is how you allow users to access your network. Since your IT department doesn’t control the employee’s device, you must find a way to authenticate the user. Not to mention, if the personal device doesn’t have malware protection, Trojans, spyware and other malware attacks can be introduced to your network.

  • Mitigating the IT Security Risk

Security threats are serious; however, this doesn’t necessarily mean you should forgo adopting BYOD. Your IT department can help mitigate the risks with the following:

  • Keeping track of which devices are corporate-issued and which are employee-owned.
  • Installing digital certificates on each personal device so it can be authenticated before the employee uses it to log in to your network.
  • Ensuring that the company Wi-Fi network is able to handle the increased number of Wi-Fi devices that access it so that it won’t negatively affect the network’s performance.
  • Creating an Acceptable Use Policy, defining the rules for what employees should and should not do when they access your network, regardless if they use company computers or personally owned devices.
  • Risks to Company Data

In addition to IT security, a data breach due to lost, stolen or insecure devices is a threat that should not be ignored. In a study conducted by the Ponemon Institute, 51 percent of 4,000 employees reported losing company data due to insecure mobile devices. Saving money and keeping employees happy are important, but losing confidential or proprietary company data could result in a tarnished reputation, lost customers and costly lawsuits. Especially if employees work with sensitive customer data, such as personally identifiable information (PII), BYOD could increase the risk of a data breach.

Can you trust that your employees will protect your data? Inform them that while the device is their own, the data belongs to the company. The line between separating company files from personal files on personal devices can get blurry, increasing the chances that company data could be mixed up with personal data. Be aware that employees who save company data on personal cloud storage sites, such as Google Docs®, Facebook® and YouTube®, increase the risk of sharing or streaming content to unauthorized viewers.

How focused is your staff? Keep in mind BYOD could also result in decreased productivity, as employees are more likely to distract themselves with surfing the Web or taking care of personal business on their own devices than they are on company devices.

  • Mitigating the Risk of Data Loss

In deciding whether or not to adopt BYOD, focus on protecting your data and mitigating the risk of a data breach. Work with your IT department to create a BYOD policy that includes:

  • Installing remote wiping software on the employee’s personal device in case the device is lost or stolen. Inform employees that remote wiping may cause their personal data, such as pictures and contacts, to also be erased.
  • Educating and training employees on how to safeguard company data when they access it from their own devices.
  • Informing employees about the protocol to follow in case their devices are lost or stolen.

Smart Risk Management: Create a BYOD Policy

Balancing the risks while keeping employees happy is a challenge. Many companies make the mistake of adopting BYOD without putting a formal policy in place, increasing the chances that BYOD could be abused.

Work with your IT department to incorporate the security and data loss risk mitigation into your policy. You may also want to consult your legal department about adding disclaimers, such as taking and confiscating employee-owned devices in case of litigation.

Once the BYOD policy is in place, inform your employees about which personal devices your company will and will not support. Educate them about the importance of IT security and protecting company data on their devices. Working on a personal device should be no different than working on a company computer.

Contact The Buckner Company for more information on managing BYOD risks.

 

Is a Bring Your Own Device _BYOD_ Approach Right for Your Company


Leave Your Comment