For a modern-day workplace, a bring-your-own-device (BYOD) policy is becoming commonplace. Since many organizations are now assigning corporate devices, such as company-issued smartphones and tablets, in order to help employees keep up with work and email, it’s natural that some people may want to use their own device instead. Given that some levels of work can be readily accessed through any device, it should be an easy step — except that there are security concerns. Once your employees are granted access to company servers on their personal devices, sensitive information is at an even greater risk of being leaked — especially if employees are lax on keeping their device’s security measures up to date.
But it’s not all bad news, since implementing a BYOD policy can be a smart move for companies with a limited budget, and in many instances the employees may actually take more care of their personal devices than they would corporate ones. Let’s examine the pros against the cons and see if there’s a middle ground to be found with BYOD in the office.
It wouldn’t be a stretch to say that almost everyone has a smartphone in their pocket or a tablet in their bag, and asking them to give either up would be a lost cause. When faced with the option of putting aside their own personal device for one issued by their employer, some people would choose to say no — it’s understandable that people become attached to their devices, and much more comfortable with its ins and outs.
That’s why a BYOD policy works for many organizations. If employees are able to bring their own devices and use them for work as well as play, it’s more likely that they won’t miss important emails — because they’ll probably already have their device out to check Facebook or Twitter. They’ll also be able to use their device anywhere, making them more flexible, available, and productive. They may even take more care of their own device when it comes to protecting it from physical harm, as well as cyber harm.
Allowing employees to use their own device can also be an economic advantage. If you’re running a small business, every dollar counts, and the money you save by not having to equip your workforce with devices could be huge. Plus, it means you’ll be ahead of the trend — a Heimdal Security article notes that 67 percent of workers are already using their own devices, and “50 percent of companies will require employees to provide their own devices for their jobs by the year 2017.” A BYOD policy is definitely trending upwards in current companies.
When you allow employees to bring their own devices into the workplace, and access company files from their own smartphone or tablet, you need to keep in mind every organization’s worst fear: a data leak. After all, the devices your employees are using to connect to the network are generally “out in the wild” — that is, individuals are taking these devices everywhere they go. This could leave the smartphones or tablets open to being lost, stolen, or hacked into without the aid of company IT to help lock down or wipe the device. It’s no wonder that many IT departments aren’t too hot on the idea of BYOD.
It’s not just the threat of physically losing the device. There are many dangers in terms of cybersecurity, and unless your employees are properly educated and encouraged to stay on top of device protection, the data they access could be at risk. For example, many individuals are unaware of the precautions that should come with accessing public Wi-Fi; since there’s very little security involved with unprotected networks, they could be leaving themselves open to having their device hacked into.
Additionally, if you’re in an industry that requires compliance, it can be tricky to enforce on personal devices. Says an article at PC World on BYOD:
“There is also an issue of compliance and ownership when it comes to data. Businesses that fall under compliance mandates such as PCI DSS, HIPAA, or GLBA have certain requirements related to information security and safeguarding specific data. Those rules still must be followed even if the data is on a laptop owned by an employee.”
The Best Practices
If you choose to enact a BYOD policy, ensuring that it’s a successful one starts with having a solid set of guidelines. “You should also lay out minimum security requirements, or even mandate company-sanctioned security tools as a condition for allowing personal devices to connect to company data and network resources,” advises PC World. This should help make clear what is and isn’t permitted in terms of using a personal device to access corporate data.
Also, your best defense is a good offence — that is, a strong level of security on the device in question. Although your employees may not be getting regular checkups on their tablets or smartphones from the IT department, it’s always a good idea to remind your staff about automatic security updates and patches that may need to be installed. Remember that your system holds highly confidential information which is essential for your company, and desirable to hackers. Employees using personal devices at work should have the highest level of security software available.
Lastly, education is mandatory. Make sure you keep your employees up to date on security concerns and signs hinting it’s time to install a new level of protection. It’s also worth doing a regular check to guarantee that all personal devices that are also being used for work purposes are compliant with any data transfer regulations that might be in place. It can be all too easy for staff to become so comfortable with their personal devices that they neglect to comply with data regulations, which can lead to huge headaches down the line.
Allowing your employees to bring their own smartphone or tablet into the workplace can be beneficial for both sides: you save money and your employees get the ease and comfort of using their own personal tools. However, it’s imperative that any staff under a BYOD policy become educated on proper security measures as well as how to install the most up-to-date security protocols. If corporate data is as safe as possible on all smartphones and tablets linked to it, then it should be simple and cost-effective to allow staff to work from their own devices.