The way businesses operate has certainly changed with the rise of new technology flooding the workplace. Perhaps one of the most significant developments in the past few years has been the increased use of personal devices in the office. As smartphones and tablets have become more affordable and their capabilities have multiplied, more workers are bringing their own devices to help them with their jobs. According to one recent survey from Webroot, employees at more than 60% of companies use their own devices at work. This growing trend has lead to more and more businesses adopting bring your own device (BYOD) policies as a way to not only enjoy the added benefits but to maintain at least some control over behavior that has the potential to quickly spiral out of control. As beneficial as BYOD can be, the biggest concern companies have with the practice is the added security risks personal devices may bring.
An employee may view a smartphone as an incredible convenience from which he or she can perform many of the tasks required each day. Many IT departments, however, view a smartphone as just another risk, one that can severely compromise network security. They definitely have justification for their concerns. Employees who use personal devices to access company networks and systems will likely end up with business credentials saved on the device along with confidential log-in information for network access. Should the device fall into the wrong hands or be exploited by an outside party, all of that information may be used to further penetrate a company’s network, stealing valuable data or damaging systems. These kinds of attacks can end up costing organizations millions of dollars.
Other worries may keep business leaders wondering if a BYOD policy is right for them. New security threats can be introduced through personal devices via malicious apps. Employees may download these apps without realizing they contain code designed to steal information off of devices. Employees may also select links that send them to suspicious websites that automatically download viruses or other malware. Most concerning of all is the risk of a device with company data being lost or stolen. This happens with a frightening degree of regularity, with research showing that about 22% of all mobile devices, whether intended for work or personal use, will be lost or stolen at some point. The research also shows more than half of those devices will never be recovered.
That’s not to say that companies are powerless in the face of these significant security threats. Business leaders have on hand a number of measures and strategies they can utilize to handle BYOD security more effectively. One tactic many businesses are trying out is creating their very own app stores, filled with apps that have been tested and approved by IT in order to ensure the safety of apps used for work-related tasks. Some of the apps included in the company-approved store may even be security related, intended to help the device detect and eliminate threats. Companies may even use mobile device management (MDM) software, giving IT workers more control over devices. MDM helps IT departments use other security features for each device, like strong password protection and data encryption.
One of the more common security features deals with the threat of lost or stolen devices. With MDM software, many companies have the ability to remotely lock or even wipe a device that has been reported missing. This somewhat extreme measure helps to protect the device and, more importantly, the data contained within. Remote wipes are fairly common--one study says a remote wipe happens every three minutes--but they’re not without their drawbacks. Sometimes a remote wipe can erase personal information on the device, which can cause all sorts of friction with the employee. Remote wipes also depend on the employee alerting IT about the loss or theft, which is something many employees are reluctant to admit. A strong BYOD policy may require reporting a lost or stolen device within 24 hours, but failure on the employee’s end usually leads to a punishment, which in some cases can be as serious as termination.
The security challenges associated with BYOD may seem daunting, but with the right strategy and a well-planned policy, the challenges can be overcome. BYOD is a wave that looks to be unstoppable; employees are going to bring their device in to work whether it’s officially endorsed by the company or not. If organizations want to stay on top of things and handle BYOD security effectively, a policy that considers all options and is clearly communicated with employees will have the best chance of success.