In the recent years BYOD (Bring Your Own Device) has become increasingly popular for employees to use at work. It has been estimated, by a report from Gartner, that by 2017, at least half of employers will require BYOD. Gartner’s report also stated that governments and organisations, of all sizes, are beginning to use BYOD, although it is more common in midsized and larger companies.
What Are The Benefits Of BYOD?
The main benefit, of allowing employees to bring in their own devices, is that businesses will be saving on average £150,265 every 5 years, its no surprise that businesses are beginning to embrace this idea since information security is such a growing issue. Some employees also like using their own devices, as they know how to use them.
Companies will find it impossible to stop their employees bringing in and using their own devices for work purposes, so they might as well catch onto the BYOD scheme to save time and hassle. With smaller businesses not having the money and the resources to allow every single one of their employees to have their own phones, tablets etc., it is more cost efficient for employees to use their own devices.
How Is BYOD A Risk?
The downside to using BYOD is that, due to the company not owning the device they can encounter many problems. One of the problems they could have is not being able to control what the device is being used for. Employees could download a virus, which might end up corrupting data. With the employees owning the devices they have a right to deny the business access to install monitoring software, resulting in the company not being able to monitor the use of the device.
If the employer does not set out some guidelines for their employees, that wish to use their own devices, then they can encounter some serious problems. Businesses also have to ensure that company data does not merge with employee’s personal data. Employees will need to ensure that non-employees, such as family members, are not able to access any work data and compromise the data.
If any employee or client data is lost then it could result in the company breaching the Data Protection Act, making them vulnerable to legal claims. The employer is the only party that is responsible for the protection of company data and data protection requirements, it doesn’t matter who has ownership of the device, the company still has ownership of the data, and is responsible for what is done with it and where the data is shared.
If the company does not change the security when someone, who has been granted access to data, leaves then this could result in that person still looking at and possibly corrupting data once they have left, as they will still be able to access the data.
The most important things that companies will need to consider are:
- Which type of corporate data can be processed on personal devices?
- How can corporate data be encrypted and have secure access to it?
- How can corporate data be stored on personal devices?
- How and when should corporate date be deleted from personal devices?
- How will the data be transferred from a personal device to company servers?
Any easy way for companies to ensure maximum security, for their data, would be to have every personal device, that will be able to access company data, reset to its original factory settings. This should be done before the device is allowed access to any of the data, reducing the risk of a virus on the device, without doing it; data could end up getting corrupted.