This ‘Bring Your Own Device’ trend, or BYOD, is certainly here to stay. But while this use of technology clearly has its advantages, the risks associated with this practice are often underestimated, not only by the staff but also by the company’s management.
To understand where these risks lie, let us look at the application that is most commonly used on personal devices, namely email. In a typical example, an employee’s smart phone will be configured to connect to the corporate Exchange server. This makes a lot of sense, because it allows that employee to access their email when they are on the road, out at lunch, or even just sitting in front of the television at night. And because Microsoft Exchange does a lot more than just handle emails, that staff member can also access the company contacts database, view his or her appointments, and so on. All of this means that the employee is able to communicate more effectively, while the company benefits from enhanced productivity. So why would anyone mind?
Well, the trouble is that a lot of confidential information is sent via email these days. Financial statements, management reports, HR documents, product development information and confidential client information, to name a few examples, are all sent via email. In the past, email was largely contained within the business premises, where it was safeguarded by the company’s security systems.
Of course, there were those roaming laptop users who carried data on their machines out into the wild. But those machines were still protected, to varying degrees, by the company’s security systems. Password complexity policies were enforced by the company’s IT department, who also managed the anti-virus protection, configured hard drive encryption, and so on. 
1. Specify What Devices Are Permitted – There are many device choices, from iOS-based phones and tablets to Android handhelds and many others. Make it clear to employees which devices you will support, in addition to whatever corporate-issued devices you continue to deploy, and which you won't.
2. Establish a Stringent Security Policy for all Devices - Users tend to resist having passwords or lock screens on their personal devices. However, devices connected to your network often have access to information that is too sensitive to allow such easy access.
3. Make It Clear Who Owns What Apps and Data - While it seems logical, on the face of it, that your company owns the personal information stored on the servers that your employees access with their devices, it becomes more problematic when you consider the problem of wiping the device in the event it is lost or confirmed stolen. When you wipe the phone, traditionally all content on the phone is erased, including personal pictures, music and applications that in many cases the individual, not the company, has paid for.
4. Define a Clear Service Policy for Devices under BYOD Criteria - It's important for employees to understand the boundaries when questions or problems appear. Considerations for IT support need to be defined.
5. Set Up an Employee Exit Strategy – What will happen when employees with devices leave the company? How do you enforce the removal of e-mail access, data, and/or any other proprietary applications and information?
With these few steps, a company can significantly reduce the risks associated with BYOD. If you need assistance with creating a policy, please give us a call.
- Janet F, IT Consultant
#1 - 495 Banks Road Kelowna, BC V1X 6A2
Phone: 250.762.7753 Fax: 250.861.1861 Toll-Free: 1.877.257.2896
Email: sales@northerncomputer.ca or service@northerncomputer.ca
Web: http://www.northerncomputer.ca