As technology advances, more organizations are embracing a “bring your own device” (BYOD) policy. These policies allow employees to use their own personal devices, such as smartphones, tablets and laptops for work purposes. The concept is rapidly gaining steam in the business world, with 74% of businesses reporting that they have adopted or have plans to adopt a BYOD policy, according to recent surveys.
Still many companies are hesitant, citing concerns about security, IT support and loss of control and regulatory compliance issues. Is this throwing the baby out with the bathwater, or are these companies merely being sensible?
Any compromised devices accessing the network can pose risks and easily expose sensitive information. For personal devices, there is less company control over the maintenance of the device, and that is understandably scary for some employers.
It really boils down to management. It’s estimated that fewer than ten percent of companies know all of the devices that are connecting to their networks. While many organizations that allow BYOD have a policies in place, few of those manage their BYOD beyond policy implementation.
Employees don’t have information about the risks of using their devices. For example, they might access unsecured Wi-Fi networks with the same device that they access company networks on – sometimes even unknowingly. On the unsecured network they can easily pick up malware that compromises company assets.
Malware can be found through legitimate seeming apps as well. Symantec reports a 230% increase in malicious apps from 2014 to 2015, detecting 3.3 million malicious apps. Even standard features, like Airdrop, can present real risks to your network through your employee’s devices.
BYOD policies need to be implemented with a set of protective policies and procedures that ensure security. Your BYOD plan should:
- Ensure staff uses secure passwords on their lock screens
- Mandate malware-scanning applications on devices
- Provide for the installation of remote tracking and erasing, in the case of device loss or theft
- List types of devices allowable – and ensure they are secure enough to connect to your server
- Identify which apps are or are not approved on devices accessing your networks
- Include monitoring strategies
- Integrate with your acceptable use policy for accessing secure networks
This might sound scary, but the reality is that effective BYOD policies can greatly enhance employee quality of life and productivity. Most employees prefer to use their own devices, as it helps them balance their professional and personal lives and makes them more productive.
So should you allow employees to bring their own devices? Yes, as long as you provide oversight and management. Without management, the risks are too great. For the best results, work with anIT security company to ensure that your BYOD policy covers all your bases and can be implemented safely.
Do your employees bring their own devices to work and access company assets without security measures in place? This is just one of many potential network security risks. Protect your business.Contact us for a free network assessment.