The rise of cloud communications has paved the way for more companies adopting a bring-your-own-device policy. The prevalence of wireless technology and the emergence of cloud tools that keep us connected at all times make BYOD such a logical next step.
For users, the ability to work from your personal device without the need to shift from one device to another and the ability to work from virtually anywhere is just hard to pass up. For employers, the advantage of not having to provide mobile devices for their employees while still having them connected to your main communications system really drives down cost. It surely is a win-win situation for both the employer and employees.
However, like anything else in this world, BYOD policies comes with its own set of challenges. For one, the line between personal and company owned data will probably get skewed and the number of non-IT staff controlled devices that are connected to the company is presenting new security problems as well.
To give you more of an idea, here are the top security risks of implementing a BYOD policy:
Lost or Stolen
According to a 2013 Ernst and Young study on BYOD, about 22% of all mobile devices produced will be lost or stolen during their lifetime and about 50% of all these lost or stolen devices will never be recovered. While majority of these devices are stolen for the value of the device itself, the number of lost or stolen devices whose information were accessed is also growing. And with personal information mixed with private company information in one device, the risk of those information getting out in the open in the event of theft is now a scary possibility.
No Password Protection
A lot of users do not really protect their personal devices or the applications within their devices with passwords. Or even if they do, they tend to choose simple passwords for convenience. These devices are easily compromised in the event of theft or hacking.
Mobile App Breach
There are tons of malicious apps out there whose goal is not only to corrupt the device software, but also to hack and access private information within the device. And with your personal and company information being treated the same way, both are in danger of falling to unscrupulous groups or individuals. Aside from that, even apps that are deployed by the company itself can be a problem. Even if an app is provided by the company, if no safeguards are incorporated in the app, then it is still susceptible to attacks.
Non-Encrypted Data and Connections
Imagine your data, including voice, going through the public internet without protection or safeguards. It can be intercepted while in transit or while at rest.
So what can you do? Should you just scrap BYOD altogether? Well, there are certain ways to improve security so that you can safely implement BYOD in your company. Here are some tips:
- Secure the mobile devices - A lot of the problems above can be addressed by securing the mobile device itself. Company should invest in a mobile device management (MDM) solution that can enforce security policies and ensure only approved devices can access your network and resources. Invest in heavy encryption as well, to protect your network infrastructure and your data as it passes through the public Internet.
- Secure the apps in the devices - Of course, this is easier said than done. After all, you are essentially suggesting regulating the apps within personal devices of users. What you can do is encourage apps from an in-house app store that are secure.
- Choose cloud providers that offer top-notch security and protection - For example, cloud phone system providers like RingCentral have highly redundant and heavily encrypted connections to protect data traffic.
- Use mobile anti-virus programs - This will help protect the mobile device’s OS and software, plus most anti-virus tools can detect malicious apps and pages that can be harmful to the device.
- Perform continuous risk-assessment - Identify and monitor all possible susceptibilities in your network and devices. This is not a one-time thing. Dangers to your data evolve as fast as technology improves so a continuous audit should be implemented as a best practice.
Lastly, you should also involve your employees in the discussion. After all, it is their own mobile devices that you are trying to protect and regulate. They should have a say in the matter or they will not buy in to your BYOD policy.