The security impact of BYOD on SMEs
But what was an inconvenience for an employee carrying multiple devices; IT security professionals now have to balance the security of the data being transmitted with the freedom employees want. If your business is looking at BYOD for your employees, here are a few things to keep in mind.
BYOD has three big issues for businesses:
Device access
Employees tend to be more relaxed and casual about their personal devices. They'll leave them unattended on a table in a public place or let their children play games on it. Both are big problems as it opens your business to risks that are out of your control.
Secure network access
Employees use their mobile devices to access everything from their corporate email to network gateways and more. Good for productivity, but a nightmare in terms of security. Finding the best security systems that work for your business is critical.
Ability to detect issues
Knowing when issues happen is vital. Your IT teams need to troubleshoot issues immediately so that downtime is kept to a minimum. There can also be legal implications depending on the type of information you handle, so having a clear understanding of what you need to do to keep data safe is critical.
Should you embrace BYOD?
According to Gartner, BYOD increases employee morale and job satisfaction, and employees save between 45-60 minutes a week by having "anytime, anywhere" access due to BYOD.
Note: Businesses should not bank on cost savings when employing BYOD. Initially, you'll see some cost savings because you'll be buying less hardware but might spend additional capital on extra support and data services costs.
Why a business needs a BYOD policy
Creating a BYOD policy is often neglected, as there can be too many variables, for instance:
The legal implications for your firm because of what your employees do on their phones
How you deliver business apps to employees: do you set up an app store that only employees can access? Or do you rely on a public one?
And what about policing guidelines you need to create, implement, and enforce.
You can get a headache just thinking about all these things. But it is an important exercise for any business, even SMEs. So what should you include in your BYOD policy?
Security
Have a robust layer of security between devices and your network to prevent unauthorised access and data loss. People don't like passwords and lock screens on their personal devices, but they are vital to ensure data security.
Approved devices
Make it clear to employees which devices you'll support and which ones you won't. If you don't spell this out, you'll be amazed at the number of devices that will show up, and tech support they will demand. This not only creates problems for your IT support team and your system but can impact your bottom line in terms of overtime to pay your IT department to fix things, and reduced 'up time' of employees with unapproved devices which fail to work, or damage systems.
Communication
Your BYOD policy should be reiterated consistently so everyone understands. Employees should be able to tell you what your firm's policies are, how the policies affect them directly, and what the consequences are for losing a device or using an unapproved one. You never want to hear: "But I didn't know!"
Include BYOD in your existing acceptable use policy
The lines between business and personal use are becoming blurred, and your business doesn't own the device an employee uses, yet it's considered a corporate device under BYOD. Which means it falls under your existing Acceptable Use policies. If you're using BYOD, then it's time to update it.
Here are a few questions to consider:
What if an employee forgets they're connected to your network and browse objectionable websites?
What if they transmit inappropriate material over your network?
What sanctions are there for such activities?
What monitoring tools are you using to detect such activities?
Are you ready to go BYOD?
Allowing employees to use their personal mobile devices for business is growing in popularity. Employees embrace BYOD because it reduces the number of devices they have to carry, yet many businesses are scared by the security implications. With a little research and planning, you can create a clear and understandable BYOD policy that meets your security needs and yet gives employees the freedom they're looking for.