August 11, 2015

Security for BYOD: Simple Solutions for Workplace Concerns

Bring your own device (BYOD) is a workplace policy that lets employees use their own smart phones and other devices on the job.

A recent Tech Pro Research survey showed that 74% of organizations are either already using or planning to allow their employees to bring their own devices to work.

While 87% of BYOD devices are smart phones, according to the BYOD & Mobile Security Report, 2014, the ‘phablet’ (a larger display-size smart phone), and ‘wearables’ (such as smart watches), are increasingly being brought into the workplace too.

All these devices make working easier and more convenient to do and save employers money. But because the devices access confidential company information they also heighten security-related issues.

Here are 8 BYOD concerns that organizations have and some simple solutions to help resolve them:

1. Loss of company or client data. Allowing employees to use personally-owned devices to do their job increases the risk of company or client data loss. Furthermore, a Privacy Rights Clearinghouse fact sheet points out that employers assume all the legal, reputational, and other business-related risks. The solution: Develop a comprehensive Bring Your Own Device policy to ensure security when devices are used.

2. Bad apps. Employees may inadvertently download a malicious app or become the victim of a phishing scam. The solution: On-going security awareness training is critical.

3. Lost or stolen devices. Portability increases the risk of devices getting lost or being stolen. The solution: The BYOD policy should explain what to do if a device is lost or stolen (immediately notify the organization), and IT safeguards should be in place. The top three mobile device management tools, according to BYOD & Mobile Security Report, are password protection, remote wiping of data, and encryption.

4. Poor work habits. Research shows employee negligence is the cause of many data breaches. The solution: Training that highlights practical processes is key.

5. Compliance. There are different laws that companies must adhere to in the workplace. In some legal proceedings, work-related items on employee-owned devices will be required. The solution: On the BYOD checklist – address compliance with security laws and legislation that are specific to your industry. Employees should back up company data.

6. Data ownership. There’s controversy about who owns the data on these devices. The solution: The BYOD policy should clearly state that the organization owns the company data on the devices. Employees should back up their personal data.

7. Employee concerns. According to a Webroot survey, employees worry that employers have too much control (for example, they can track the employee’s location). The solution: Security for BYOD is both a technology and communication issue, said Mike Alloy of Webroot; he recommends involving employees in important BYOD security decisions.

8. Old and out-dated equipment. When employees get a new smart phone, they often haphazardly store the old one, or they give it away. But wiping a hard drive or deleting sensitive information does not guarantee its destruction. The solution: Employees should be required to bring out-dated smart phones and other devices for secure destruction by the company’s document destruction partner.

Learn more about how to protect your electronic data once it has outlived its usefulness. Find out why it’s just as important to use a secure shredding process to destroy all paper-based information that is no longer needed, too.