The “Bring Your Own Device” (BYOD) trend is forcing many employers to implement new policies to address possible risk. There are many risks associated with BYOD and employers need to make sure their policies are addressing all possible risks. BYOD is not going to disappear overnight, in all likelihood it will simply increase over time. Risks associated with BYOD can be reduced only if both the employer and the employee clearly understand the risks, as well as their roles and responsibilities in managing those risks.
The number one threat to any organization is the accidental loss of information or planned information theft. When your employees carry around personal, unsupervised devices in the workplace, your business can be exposed to viruses, theft, etc, particularly since personal devices are generally left insecure.
There are several ways to mitigate the risk posed by BYOD, including updating and familiarizing yourself and your employees with BYOD company policies. Several companies exist which offer you a range of security technologies for your BYOD workplace. Mobile device management (MDM) solutions such as these use containerization, encryption, application and content management, and much more to provide you with total BYOD security.
Alternatively, there are programs that can help you with mobile application management (MAM). These programs help you focus on enterprise resources managing what’s really important to your organization – the data. Programs such as these take control of the applications that can access your data while allowing employees to have control over the devices they own. This way you can ensure your important data never leaves your application without preventing your employees from using their devices for personal use on their own time.
If you are unable or choose not to take on the cost of an outside program for BYOD security, there are steps you can take to protect your organization with the help of your internal IT department. First, as an employer, you need to identify what information needs to be protected and how to protect it. Incorporating data classification is helpful to protect against BYOD risks as it is often limited to only a handful of access permission categories. Protecting your data should include securing your corporate servers so no personal device can access these resources without first being checked and authenticated. In addition, you should secure your network including both wireless and physical ports. For wireless protection, you can separate corporate and consumer wireless signals so only corporate devices can access the network. For physical protection, you can configure your routers and switches to check addresses of any devices attempting to connect into them.
Second, you should maintain an appropriate level of control over data access beyond the physical boundaries of your organization. Employers must apply policies and employ tools to monitor and maintain information management across all devices.
As the trend of BYOD continues to rise, new programs will come out to assist you in protecting your organization’s data. Make sure that you are keeping in touch with new technology developments and be prepared to continually adapt your policies and procedures to evolve alongside BYOD. In the meantime, before mobile management programs are available, employers need to focus on development risk and information management policies to address BYOD and to maintain a flexible enterprise. A process needs to be established to monitor and manage business data and applications that reside on business-owned and personally owned devices throughout the information lifecycle.
