September 25, 2014

Cybersecurity: 10 Reasons Why You Need a CYOD Policy

With so much hype right now about the permanent and positive changes that personal devices – and BYOD – have made in the workplace, the issue of information security needs to move more into the spotlight as well.

And it has.

BYOD, or "bring your own device", allows employees to use any electronic device they want to use for work whether it’s their home computer, tablet or smartphone. But while BYOD has been shown to boost productivity (working anywhere at any time provides employees with flexibility and control), it also increases the risk of security breach incidents. In effect, there are any number of devices being used by the workforce with access to company networks and proprietary and private information.

That’s where CYOD, or "choose your own device", can make a difference.

CYOD provides employees with a list – and variety – of company-owned devices that they choose to use. While CYOD provides similar benefits to employees, it also provides better safeguards and data security all around.

Here are 10 reasons why every workplace should have a CYOD policy.

  1. Mobile policies. Your company should have a mobile strategy of some kind in place. According to Acronis 2013 Data Protection Trends Research conducted by Ponemon Institute, approximately 60% of companies still don’t have security policies regarding the use of mobile devices. 
  2. Job satisfaction and flexibility. Employees still have the freedom to choose their own device. CYOD just narrows choices to a pre-approved list of company owned devices.
  3. IT control. CYOD ensures the control of information security is in the hands of your IT department A recent Centrify Corporation study conducted by Osterman Research shows that 15% of employees believe they have “none to minimal” responsibility to protect corporate data stored on their personal devices.
  4. Private information stays private. All devices are pre-installed with security software and set up with the appropriate administrator, firewall software and network settings. The Osterman Research shows 43% of employees have accessed sensitive corporate data on their personal device while on an unsecured public network such as the airport or coffee shop.
  5. Peace of mind. When sensitive files travel outside the office (and they will), the company can rest assured encryption and other protection is being utilized to protect the data.
  6. Culture of security. Effective protection comes hand in hand with an organizational culture of total security; a CYOD policy should be part of a comprehensive information security policy.  
  7. Control of downloads. Employers decide which apps, information and functions are authorized – 45% of employees in the Osterman survey had more than six third-party applications on their personal device.
  8. Password protection. IT sets up devices with the latest information security tools including password protection, one of the most basic safeguards. In the Acronis 2013 Data Protection Trends Research conducted by Ponemon Institute, only 31% of organizations mandate this excellent security tool on personal devices.
  9. Lost device? CYOD enables companies to delete sensitive data if a device is lost or compromised. Also, the device is retrieved if an employee is fired or leaves the company.
  10. CYOD maintains control when a device is outdated or not working anymore – it is important that any sensitive information be securely disposed of. Hard drives must be physically destroyed to ensure data cannot be recovered. Speak to your document shredding company about hard drive destruction.  

To learn about other interesting information security trends in North America, link to the fourth annual Shred-it Security Tracker