The adoption of Bring Your Own Device (BYOD) shot from 56.8% in 2013 to 69.2% in 2014, a fact that emphasizes the growing popularity of a new work culture on the horizon. This is significantly different from the situation a decade ago, when employees were compelled to use only the devices issued to them by the company’s IT department.
As is apparent, that is changing fast. Findings such as those from the technology research firm Gartner suggest that half of all employees in the U.S. enterprise sector will use their own device by the end of 2017. Love it or hate it, you simply can’t ignore BYOD.
Done well, BYOD offers big benefits to corporations, such as increased workforce productivity, lower operational costs, a morale boost for employees and higher profit. The only challenge that stands in the way for many corporations still reluctant to adopt BYOD in their company policy is its security – or the lack of it. Because employees use personal mobile devices that can share data to the cloud, the risk of data leakage or theft is pretty high.
So how can your company adopt an effective BYOD strategy without compromising security? Below, we throw some light on how to implement a safe BYOD policy for your enterprise.
Set Clear Security Policies
Typically, enterprises document their IT policies to communicate the freedoms and limitations of using electronic devices on the business network. BYOD is no different, except that your company should clearly articulate the extent to which BYOD endpoints will be supported. For example, the BYOD policy should state how your company will support the configuration, maintenance and troubleshooting costs of employee mobile devices.
Your policy should also tell employees to install enterprise mobility management (EMM) and mobile device management (MDM) applications to support centralized protection, device passwords, data encryption, and so on. If an employee leaves the job, these apps can be used to remotely wipe or lock sensitive enterprise data and sever the connection to the corporate network.
Respect Employee Privacy
Following the notorious litigation between Saman Rajaee and Houston-based Design Tech in 2012, companies interested in implementing BYOD policies have learned a good lesson about drawing a line between controlling corporate data and respecting employees’ personal information. Rajaee lost the case, and the message that came out of the case is the real winner – anything that transmits information through an organization’s systems is subject to monitoring and inspection at any time. Employee privacy rules are mandated by the Federal Trade Commission (FTC) and other federal laws, and they prohibit companies from accessing an employee’s personal details like family photos, text messages, credit card information, etc. – even though the company is able to do so.
Therefore, a middle ground for handling the thin line between personal and professional data is to encourage employees to create a separate account for work-related communications. If need be, use containment tools to separate personal data from work data.
Expand Security Budget
According to a 2016 survey by Crowd Research Partner, companies are complaining about the rising threat of malware and data breaches but are not taking proactive measures to curb the risks.
“Despite increasing mobile security threats, data breaches and new regulations, only 30% of organizations are increasing security budgets for BYOD in the next 12 months. Meanwhile, 37% have no plans to change their security budgets,” states the report.
If your organization is spending less on procuring new endpoint devices thanks to the BYOD boom, then you should definitely consider expanding the security budget with the money saved on buying new inventory.