Risks And Rewards Of Bring Your Own Device Policies

BYOD Policies

Letting employees use their own mobile device for work may appear like an easy win for small businesses. It cuts costs, employees may consider using their iPad at work as a perk and, away from the office, it enables them to remain connected to work email. Employees tend to take better care of them too, as they view them as their own property.

However, there are some dangers to allowing your employees to take their work home with them on a smart-phone or tablet computer. Not least, the security on these devices is almost certainly weaker than an average computer. This doesn’t matter much if they simply want to play games on it or keep in contact with friends. But it is a problem if they use it for work, because these devices can be much more vulnerable to hackers than a laptop.

Cybercriminals are increasingly targeting mobile devices in the hope of stealing the owner’s banking details. But if they hack into a device that doubles up as a work device they might unwittingly find a wealth of confidential business data that could be far more valuable on the black market than the user’s credit card number.

Employees using devices for both business and pleasure can create problems. It is not unusual for employees that download social media applications on to their device to uwittingly agree to transfer sensitive client information directly to a social media site. It is important for companies to establish clear policies on the use of mobile devices to help manage the fallout if something like this goes wrong.

Bring Your Own Device – Example Policies:

View a Mobile Device as a Company PC or Laptop

Whereas every work computer has a secure login, mobile devices are unlikely to have passwords to authenticate their users and control access to the data stored on them. The devices have the technical capability – it’s just their owners rarely bother to use it. So it can be a good idea to encourage employees to use the same strength login on their mobile device and their work computer.

Encourage all your Staff to Use the Same Device

It is much simpler to keep on top of security updates on iPhone or Blackberry handsets, for example, rather than several different makers’ phones and tablets. If everyone has the same device, they will all need the latest security patch and it only takes one email to every staff member with a link to download it.

Act Quickly if a Device is Lost

If one a device goes missing, the simplest and most effective method of limiting the security risk is to wipe the lost device. It is now possible to send it a message that deletes all the data contained on it, even if it has been stolen. Because this would also erase all the user’s personal files, such as their music and photo collections stored in the cloud, employees must be made aware that, as a last resort, you will have to wipe their device if they lose it.

Remember your Responsibilities to your Clients

It would be highly embarrassing for your firm to admit to your biggest client that an iPad containing some of its confidential data has been lost. But, if you try to keep it quiet, you might land yourself in bigger trouble with the information watchdog, whose job it is to make sure people’s personal data is kept safe.

One solution, which many firms have adopted, is to write a protocol explaining when customers will be informed if a device containing their data has gone missing. Most companies will not tell clients if the device was left in a taxi or stolen in a bar. Providing you have a protocol, and follow it if a device is lost, information watchdogs are unlikely to take action against the firm.

Having set out these safeguards, a Bring Your Own Device policy can make employees feel more positive about working for a company, and allow them to work on the go. As long as bosses are aware of the potential pitfalls of encouraging their teams to use them, and prepared for any problems they might encounter.

Matt Norris is the Global Head of Technology Media and Telecoms at specialist insurer Hiscox. An expert in cyber crime and privacy he has a global understanding of emerging risks faced when using the internet. Matt has been analysing and underwriting network and data security risks since 1998 and has built up a comprehensive knowledge of the industry during this time. From viruses to hackers and electronic identity theft, things move at lightning speed in the online space and Matt works with small and large businesses to help them understand risks that they face.