Information Technology Asset Management (ITAM) has been confronted by arguably its most formidable nemesis: BYOD. Gone are the days of only tracking desktops and company-issued laptops; enter the mobile device age and the seemingly endless stream of security issues that accompany its inevitable arrival in the daily office routine. With the global BYOD market expected to grow at a CAGR of 22% from 2017-2023, it has never been more relevant for companies to evaluate BYOD security.
Understanding the Risk of BYOD
Allowing employees to work anytime, anywhere with their own device is the fundamental purpose for instituting a BYOD strategy. However, this anytime/anywhere capability can lead to obvious security threats which are guaranteed to arise without a sound corporate BYOD policy.
According to a survey conducted by Dimensional Research, 93% of organizations have mobile devices (smartphones/tablets) connected to corporate networks, with 67% of that number being personally owned devices. That is a substantial number of devices for IT to keep secure, especially since those personally owned devices are not required to follow company security standards outside working hours.
To make matters worse, 66% of participants indicated careless employees are a greater threat to security than hackers, which ultimately makes the 53% of employee mobile devices with confidential customer data an incredible business liability.
TOP BYOD SECURITY RISKS
- Vulnerable software on devices
By failing to apply software security updates, employees could potentially expose corporate data. Additionally, employers do not have power over which third-party applications are authorized on devices, leaving the devices open to hackers who take advantage of coding errors.
- Wireless Access Points
When employees connect their work devices to an unsecured, open access point (think hotel Wi-Fi), man-in-the-middle attacks can occur.
- Email Exposure
Some employees may not use a PIN or password to access their device. Thus, if it were to fall into the wrong hands, emails and other corporate information could be easily accessed.
- Lost or stolen devices
This directly relates to the previous point and is probably the most common cause of data loss while using a BYOD strategy. Hackers can easily gain access to a stolen device and extract sensitive information.
SECURITY STRATEGIES TO MITIGATE BYOD RISK
Have your IT team consider the potential risks that implementing BYOD poses to your organization. These can include an external source trying to make its way onto your network, increased support costs due to a wider range of technologies, or even internal users wanting a say in the restrictions being placed on them.
In addition to considering potential risks, brainstorm policy strategies to ensure you achieve optimal security. Consider implementing simple IT precautions such as:
- Management of devices by IT using corporate-approved Mobile Device Management (MDM) systems to ensure all devices are registered and accurately updated.
- Password protection and device encryption when accessing corporate email.
- Require employees to use a VPN when accessing corporate resources to avoid unsecured wireless access points.
- Consent for the company to access the device for business purposes
- Employee obligation to report a lost device, and IT’s responsibility to wipe it to prevent misuse of that information
- Rights to audit and monitor activity on personally owned devices
- For instance, if a sales employee leaves the company with all of his/her sales contacts on the mobile device, then that’s a huge company asset that goes missing or into the hands of competitors.
Establishing Company Awareness
Extensive measures must be put in place to try and safeguard from any loss of data. Consider the ramifications of a top executive losing his or her smart phone containing in-development screenshots of a project. Should a competitor obtain these files, the advantage of launching your project to the market incognito will be lost, and the integrity of the project’s details compromised.
By establishing clear policy guidelines and requiring mandatory compliance with these policies, organizations intending to implement BYOD can mitigate legal implications should an employee lose his or her mobile device. Some examples of proactive measures to consider:
- Policies should be legal and the rules clear to all employees about joining, leaving, or altering participation in a BYOD program
- Drive awareness around the Terms and Conditions of existing agreements and their impact as BYOD becomes more prevalent
- Develop ITAM policies around acceptable use of BYOD in an organization
- Create clear policies on which devices can be used – employees should not expect every device to be enterprise-ready and included in the system
BENEFITS OF BYOD
Despite the complexities involved in managing a BYOD policy, you decided that the rewards far outweigh the risks, and rightfully so! The obvious advantages of BYOD from an employee satisfaction/motivation standpoint as well as an employer cost-benefit standpoint will be immediately apparent as you observe increased workplace productivity:
- Employees carry less equipment, thus, lowering hardware procurement costs
- Staff availability increases as their BYOD agreement requires constant access
- Employer reputation increases as an organization that embraces the newest technologies
However, as with any tech upgrade in the workplace, key details must be addressed so that both the employee and employer maintain a fundamental understanding of the rules involved with BYOD:
- Who pays for the device
- What happens if a private device is lost and who replaces it
- User restrictions for the device
- Employee training regarding mobile software licensing rights
Without strict guidelines, BYOD can easily be turned into an employee-abused asset, ultimately costing the company more time and money. When implementing BYOD in your company, be sure you have a secure and overarching cloud management tool.