BYOD: Convenience or Security Risk?
Back in the day, many companies placed strict restrictions on workers’ in-house access to company data and the Internet. Work-related functions were limited to computers and networks located on site, with access to popular sites such as Facebook blocked. Today many companies are moving toward a bring-your-own-device, or BYOD environment, either by design or by happenstance. In fact, 55 percent of companies across the United States have implemented some form of BYOD policy, according to the Third Annual Trends in Enterprise Mobility report issued in 2014 by CompTIA.
“Employees– particularly revenue generating employees– want to use their own mobile devices for work-related communication. Although this trend frees up IT resources from having to manage these devices, since they are not the responsibilities of the corporation, help desks and information security will be increasingly challenged,” according to Kevin Duggan, President and Chief Executive Officer of Camouflage Data Masking Specialists, based in St John’s in Newfoundland, Canada.
Indeed, BYOD presents significant advantages, but there are also risks involved, especially if companies fall into a BYOD situation without putting a viable administration plan in place. It just makes sense to understand the advantages and the hazards of BYOD, and to develop a viable policy to maximize the benefits and minimize the risks.
Enhanced Employer Satisfaction and Productivity
A 2012 Computer Weekly story quoted an Evolving Workforce Research report issued jointly by Dell and Intel that suggested that workers are more productive in workplaces that permit or encourage BYOD conduct. Individuals naturally feel more comfortable working with hardware and software that is familiar and that has been customized to their particular preferences. The same report stated that employees in companies that had adopted BYOD policies often felt more satisfied than their counterparts in companies that had not done so.
Reduced Operating Costs
According to a Good Technology State of BYOD report issued in 2013, more than half of all workers in companies that supported BYOD paid all device and service costs out of their own pockets. Even many companies that issue hardware to employees delegate basic maintenance responsibilities – and expenses – to workers. Additionally, many tech-savvy individuals are likely to update their gadgets and tools regularly, in contrast to many companies that hang onto serviceable but outdated equipment in a bid to save money.
Maintaining data security in a BYOD environment gives many Information Technology directors and staffers headaches. This is especially true for companies that must adhere to strict privacy standards established by the Health Insurance Portability and Accountability Act of 1996, or HIPAA. Unauthorized access — for instance, through weak passwords or careless Internet surfing via public Wi-Fi networks, not to mention lost or stolen hardware, can leave companies vulnerable to data leakage of sensitive corporate data or adverse legal action.
“Any sensitive data that resides on the devices should be both encrypted (protecting data in transit to and from the device) and masked (protecting data on the device itself). In the event that the data falls into the wrong hands, these measures will provide security from less sophisticated threats and buy time for more sophisticated ones,” Duggan explained.
Compatibility – or the lack thereof – also presents significant challenges to implementing a BYOD environment. Even in a small company, it’s conceivable to encounter a scenario where Jane loves her iPhone and iPad, while Josh is loyal to PCs. Meanwhile Andrew is a hardcore Linux user and Lisa is partial to Android. Document sharing across platforms and operating systems can often be accomplished through applications such as Dropbox, Asana, Google Docs or Evernote. Coordinating compatibility for software is an entirely different matter.
Proper Care and Feeding of a BYOD Environment
Protocols for minimum hardware requirements can ensure that devices employees utilize in the workplace can perform necessary functions and are compatible with proprietary software. Auto-lock functions along with updated firewalls, anti-virus and anti-malware software should be a requirement for all employees using their own hardware for work-related functions. Remote wiping capabilities should also be mandatory in the unfortunate event that employees’ BYOD hardware falls into the wrong hands. Employers should also institute clear policies concerning circumstances such as acceptable Wi-Fi Internet access, reporting of data breaches and lost or stolen hardware.
It is unrealistic to maintain a long-term policy of prohibiting employees from using their own devices for work, especially away from the workplace. Instead, company owners and employees must collaborate to maximize benefits and minimize risks of a BYOD environment.
“All parties should understand what the IT responsibilities are and what their responsibilities are,” Duggan stated.
BECOME AN ACCA MEMBER