Employers are increasingly implementing BYOD (bring your own device) programs. As of January 2015, 74 percent of organizations were already using or planning to allow employees to bring their own devices to work (Tech Pro research).
For employers, BYOD can reduce IT hardware costs, increase efficiency and productivity. Meanwhile, employees enjoy the freedom to use their own devices, and anytime/anywhere access to data, information and connectivity. But BYOD also exposes businesses to risks. Follow these tips before you let your employees use their own devices in the workplace:
Establish a company-wide BYOD policy that clearly defines privacy expectations, acceptable use, supported devices, security measures that employees must take, and other IT guidelines. Have all employees agree to it and list the devices they’ll be using. Design this document with input from your senior management, HR and legal departments, and make sure to spend time with employees so they understand the details.
Implement a mobile device management, or MDM solution. These applications help companies deal with data segregation, secure emails and company documents, enforce corporate policies and manage mobile devices. Choose from on-site or cloud-based options.
Enable remote wipe capability to protect sensitive information if devices are lost or stolen. The current trend is to selectively wipe data—not an employee’s entire device. Additionally, devices should have location tracking, so you have a greater chance of finding them should they go missing.
Data protection is a critical concern. Companies can’t assess their exposure if they’re not managing devices. Remember, too, that if devices are used at home, other people, such as family members, may also be using them, and there’s a chance they may view confidential documents.
Make sure cloud backups are in place and data is saved in the cloud. When an employee leaves your company, you don’t want them walking out the door with your confidential data. Make sure your data is encrypted, and set up a Virtual Private Network (VPN) so your data remains secure.
Fortify your perimeter with robust firewall, antivirus and malware protection, because when employees download apps to their devices, they can infect your entire network. Android devices are particularly vulnerable to malware. Make sure employees have password-protected information on their device, with strong passwords. Update antivirus software regularly, and ask your employees to regularly scan their devices.
Multi-national companies need to be aware of international privacy laws, such as the Data Protection Act of 1998, which defines UK law on the processing of data on identifiable living people. Often, these companies notify users about all MDM capabilities, and create customized terms of service that detail how they intend to manage the BYOD.
Bear in mind too, that you may have to upgrade your data infrastructure to accommodate a surge of personal devices using your network.
Additionally, The Security for Business Innovation Council recommends this BYOD agreement checklist:
- Ensure that end-users are responsible for backing up personal data
- Clarify lines of responsibility for device maintenance, support and costs
- Require employees to remove apps at your organization’s request
- Disable network access if a blacklisted app is installed or if the device has been jailbroken
- Specify the consequences for policy violations
While BYOD offers many advantages, businesses need to fully consider all the implications. Single Path can help you design, execute and maintain a BYOD program that securely improves business performance, while giving employees the flexibility they seek.