With the proliferation of portable electronic devices, increasing numbers of professionals are preferring to carry their own smart phones, laptops, tablets, etc. to use for work-related purposes. Rather than transporting duplicate devices to distinguish between professional vs. personal data, employees can work where and when they please and with hardware and applications they are already familiar with.
It is estimated worldwide that one in three employees are utilizing personal devices at the workplace. While this trend may initially seem to work in the employer’s favor (why pay for a device when an employee is perfectly happy to provide their own?), it also raises troubling concerns. The company enjoys potential cost savings by not having to purchase and support the hardware, it also loses control over what data resides there. This can be of particular concern to small and medium sized businesses that don’t have an IT infrastructure equipped to handle the challenge.
Among the myriad of potential headaches are questions, such as who (other than the employee) might be able to access company data from the device when it is off-premise? And what happens to the data should the employee lose the device or simply decide to leave the company? The possibility for data breaches and information leakage undeniably expands as the workforce becomes increasingly reliant on mobile devices.
Fortunately, there are a number of steps that can be taken to achieve a secure, device-agnostic environment.
- Conduct an Audit – it is imperative to conduct an audit of your entire IT infrastructure to determine if you are ready to accommodate workforce mobility. Implement gatekeeper software (such as a VPN) to guarantee that data transferred to and from mobile devices over your network is secure.
- Communicate expectations for acceptable use of employee-owned devices – This includes penalties for violating policies and procedures. In the face of increased use of personal devices, many organizations are implementing “BYOD Acceptable Use” Mobile Device Management (MDM) policies aimed at defining how and when IT can access any devices that may access your business network – including the capability to revoke access or even wipe a device that has been lost or stolen – even if it means doing so without the users’ permission. The MDM policy should also provide guidelines and protocols for employees remotely accessing corporate data. Of course, by imposing rules regarding what employees can do with their own devices, companies can and should expect push-back. Employees reluctant to adhere to MDM guidelines must understand that convenience comes at a cost.
Having a diverse and dispersed hardware environment has advantages beyond convenience. While it seems counter-intuitive, a device-agnostic strategy helps alleviate the risk of malware attacks. Mobile devices may be connecting to the network, but not actually accessing applications. Distributed devices and disparate operating systems may limit the impact of attacks since each device is potentially isolated.
While there are great benefits to productivity and employee retention associated with implementing a BYOD environment, companies need to think about data protection and the potential legal risks of allowing employees to store proprietary data on personal devices. If implemented carefully and with sensitivity to the organizational culture, the benefits of a bring-your-own-device strategy can easily outweigh the risks.