How to Address the Threats that BYOD Brings to Your Business
BYOD, short for bring your own device, is a rapidly expanding business trend. The industry is expected to triple in revenue within the next 5 years, as more than half the global workforce will be mobile during that same timeframe.
It’s a natural development. We’re less bound by location in working for our employers, and the devices we hold in our hands are becoming more powerful by the minute. Why should we rely on a company-provided phone or computer when our own phones and laptops are at least as powerful?
The development is just as obvious for companies at first glance. BYOD means putting responsibility for the device into the hands of the employee. It’s a significant cost saving, and adds to the flexibility modern companies seek as they trim waste and expand their revenues.
At its best, BYOD increases your employees’ happiness and productivity, while allowing them to operate in a more flexible, agile environment. At its worst, though, the threats it poses to your business are just as significant. Understanding these threats is crucial to building a BYOD strategy that protects your business without missing out on its considerable benefits.
5 Threats that BYOD Brings to Your Business
Let’s start with the dangers. BYOD is a typical tech trend: its usage has outgrown companies’ ability to regulate it. That means several threats have arisen that organizations of all sizes and industries have to contend with.
1) Overlapping Business and Personal Uses
BYOD has naturally broken down the barriers between work and personal time. Using a personal iPad at work doesn’t mean your teams stop watching Netflix or shopping at Amazon when they’re off the clock. That, in turn, has introduced significant security risks.
According to a 2014 study, 70% of employees download personal apps on devices they typically use for business purposes. Chances are that number is only rising. It has its benefits; your workforce will be more available, and closer to their email. The threat, though, is just as obvious.
Personal apps tend to introduce security concerns that are impossible to ignore. Facebook alone has carved out a regular spot in the news for data breaches. Personal apps can provide easy back-end access into the devices your employees use for their work.
2) Lack of Control over Company-Owned Data
Closely related to the above threat is the fact that in BYOD situations, you tend to have less control over sensitive and company-owned data. Instead of remaining static on a local server or desktop computer within your firewall, that data gets carried everywhere your employees go.
That becomes more than just a physical problem. IBM has found that mobile users are three times more likely to fall victim to phishing attacks than their desktop counterparts. Are you aware of the data that lives on your employees’ phones at all times? The answer is likely no, making a potential breach all the more likely.
3) The Possibility of Lost and Stolen Devices
Say that your employees are perfectly responsible, protect their phones, and only use them for business purposes. Chances are they still carry them beyond your company premises. As soon as that happens, you introduce a risk of lost or stolen devices.
In fact, one study has estimated that 40% of all data breaches are caused by lost or stolen devices. Even if the real number is not quite that high, the point still stands: it’s easy to lose your cell phone, or have a laptop stolen with your backpack. When that happens, and the company doesn’t have control over the data on that device, trouble tends to ensue.
4) Failure to Cut the Cord for Ex Employees
Even the best-performing companies lose employees. That divorce is not always cordial. With company-owned devices, that’s not a problem – the data remains safely in your hands. However, the same is not true under a BYOD policy where the device remains with your former employee.
If they’re disgruntled, that could mean bad things for the information on their smartphone or laptop. More than half of companies don’t remove data from the devices of ex-employees. But if you don’t cut that cord and ensure a clean wipe of all sensitive or proprietary information, you introduce the risk of data theft or accidental spreading of that information.
5) Outdated Software Systems
Finally, companies that are just beginning to embrace BYOD don’t tend to think about the software requirements this policy brings. On company-owned computers, software updates tend to be scheduled and automatic. The same is not true when you don’t have easy access to or control over that software.
Take iPhones as an example. Apple’s regular iOS updates often include security fixes designed to prevent breaches. But what if, instead of the current 12.3 version, your employees are still using iPhones on version 11 or earlier? Outdated software isn’t just inconvenient; it potentially exposes your business to data theft.
5 Steps to Address and Overcome BYOD Threats
Do all of the above security risks mean that BYOD is never a good fit for your company? Absolutely not. The productivity and cost benefits are impossible to ignore, and the workforce is increasingly moving towards this adoption. Instead of avoiding these threats altogether, it makes more sense to build a comprehensive strategy designed to address and overcome them.
1) Build a BYOD Policy
The first step might also be the most obvious. If you want to stand a chance of protecting your employees and your data, you need a BYOD policy. Unfortunately, only 60% of companies have this type of policy in place, leading to many of the problems described above.
A comprehensive BYOD policy includes a number of components:
- Onboarding procedures for new employees and new devices.
- Specification of approved devices for work-related activities.
- Basic rules and regulations around daily use of the device.
- A password policy for all common devices and use cases.
- Risk and liability disclaimers for both the organization and the employee.
- Training and development opportunities to develop a security mindset.
Beyond these elements, the right policy should also include the specific procedures for encryption, MDM and containerization described below. That way, there are no surprises for any employee who uses their own device for work.
2) Evaluate Your Technology Capabilities
Combine the threats listed above, and security is a natural weak spot. Is your current IT setup prepared to manage the influx of devices, and the challenges that come with that, on an everyday basis?
Answering that question is complex, but absolutely necessary. It might take an audit, not just of your current capabilities but also of the devices currently in use for work. Connect closely with anyone working on the technical side of the business to build your understanding of what measures you currently have in place to secure and optimize your BYOD policy.
3) Encrypt Sensitive Company-Owned Data
A lack of data control can be at least partially rectified through encryption. Encrypting sensitive information means less worry about whose hands it might fall into. Even if a device is lost, the data will only make sense to someone who knows how to decrypt that information.
Encryption comes with a number of advantages in a BYOD environment. Most importantly, it’s relatively non-invasive, as the data itself is the protection. In other words, employees will not have to install other, external apps or give up control over their device.
On the other hand, encryption alone doesn’t tend to be enough. It still leaves open problems such as disgruntled ex employees or professionals with the ability to break the code. It’s certainly better than nothing; to truly keep your data safe, though, you need to go further.
4) Leverage MDM and Containerization
Mobile Device Management (MDM) is a company’s best friend in this environment. Through agent apps, you can take control of any device participating in the service, ensuring that software is up to date and restricting downloads of suspicious or unknown apps. Services like anti-virus software and firewalls can easily be installed alongside it.
This type of central management and monitoring is invaluable in keeping your network secure and data safe regardless of devices used. It works especially well alongside containerization, which segments off a portion of the device to be under this central control and isolated from the rest of the software.
This ‘container’ uses a separate log-in and firewall, limiting liability and leading to more flexible, independent use of the device by the user. The result tends to be a near-perfect compromise between the freedom to use personal devices and the restrictions that securing sensitive information on those devices requires.
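As an added illustration (not from the original article or from any MDM product), the Python sketch below shows the kind of compliance check an MDM service automates against the threats listed earlier: outdated OS versions, unencrypted storage, unapproved apps in the work container, and devices still enrolled for departed employees. The policy values, app identifiers and inventory are constructed assumptions.

```python
from dataclasses import dataclass, field

# Assumed policy values for this sketch; the iOS minimum mirrors the article's 12.3 example.
MIN_OS = {"ios": "12.3"}
APPROVED_APPS = {"com.example.mail", "com.example.vpn"}  # hypothetical app ids
ACTIVE_USERS = {"alice", "bob"}                          # constructed HR roster

@dataclass
class Device:
    owner: str
    platform: str
    os_version: str
    encrypted: bool
    container_apps: set = field(default_factory=set)

def parse_version(text, width=3):
    """Turn '12.3' into (12, 3, 0) so versions compare numerically, not as strings."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def evaluate(device):
    """Return the policy findings for one device; an empty list means compliant."""
    findings = []
    if device.owner not in ACTIVE_USERS:
        findings.append("owner-offboarded: revoke access and wipe the work container")
    minimum = MIN_OS.get(device.platform)
    if minimum is None:
        findings.append("platform-not-approved")
    elif parse_version(device.os_version) < parse_version(minimum):
        findings.append(f"os-outdated: {device.os_version} < {minimum}")
    if not device.encrypted:
        findings.append("storage-not-encrypted")
    extra = sorted(device.container_apps - APPROVED_APPS)
    if extra:
        findings.append("unapproved-apps: " + ", ".join(extra))
    return findings

# Constructed inventory, as a normalised MDM export might look.
INVENTORY = [
    Device("alice", "ios", "12.3.1", True, {"com.example.mail"}),
    Device("bob", "ios", "9.3", True, {"com.example.mail", "com.example.game"}),
    Device("carol", "ios", "12.3", False),
]

if __name__ == "__main__":
    for d in INVENTORY:
        print(d.owner, evaluate(d) or "compliant")
```

Note the numeric version parsing: compared as plain strings, "9.3" sorts after "12.3", so a naive check would pass the oldest device in the inventory.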
5) Work Towards Comprehensive Buy-In
With encryption, MDM, and containerization in place, you set the stage for better device management even in less restrictive environments. The missing piece, then, is making sure that your teams are actually on board with this strategy.
In other words, you need buy-in across the organization. Without it, your employees will ignore the policy, download sensitive data onto personal hard drives, and take other steps that can seriously endanger the company. You can get that buy-in by clearly explaining the benefits of this system, and how it protects employees from potentially serious violations that can harm themselves and the organization.
Of course, you still need the IT expertise to implement some of the steps mentioned above. That’s where we come in. Applied Innovations specializes in enterprise IT solutions, and we’d love to help get the most out of your BYOD experience. Contact us today to start the conversation, and leverage the benefits of this trend without falling victim to its threats.