Small Businesses and the Bring-Your-Own-Device Dilemma

It’s time to turn your attention to mobile devices. With the rise of bring your own device (BYOD), many companies expose themselves to risks they may not be aware exist.

What is Bring Your Own Device (BYOD)?

Employees utilize personal technology (like phones or tablets) to execute work-related functions. Sometimes, this means accessing confidential, sensitive files.

This becomes a problem when you realize that the rise of hackers targeting mobile is rising, and will likely continue to do so as they learn more about mobile vulnerabilities.

According to the Forrester Research’s Forrsights Workforce Employee survey, 70% of companies who responded have some type of BYOD program in operation. Of that, 62% of employees use their cell phone for work tasks, 56% use tablets, and 39% bring their own laptops. The more alarming part of these numbers is that in spite of 85% of businesses claiming a moderate risk from mobile threats, 32% sacrificed security for expediency.

Those who prioritized speed over safety were 2.4 times more likely to suffer a data loss or downtime than those who didn’t. (45% vs 19%)

Why Use a BYOD Policy?

Often, BYOD means lower cost for the company and more flexibility. But it comes at the price of higher risk and exposure to hackers, viruses, and information theft from within the company. All it takes is one careless employee to accidentally send a work-sensitive email when they intend to send a personal one.

Problems with BYOD

It’s difficult to regulate security on BYOD devices.

Because they’re not company-owned, employers can’t mandate that employees do certain things with their personal devices. “So we’ll just ban personal devices at work,” you may think. While in theory it sounds great, it’s a tough practice to enforce unless you’re willing to pay someone to patrol your workplace at all hours searching for phones, or you’re considering a “turn them in as you enter” policy. (We’d suggest you rethink that.)

Implementing privacy regulation on personal devices can be met with resistance.

Often, privacy regulations involve encryption apps, mobile anti-virus, and other forms of security implementation that can slow performance on personal devices, leading to frustration and deletion of such programs, sometimes without notification.

Managing data becomes murky.

Maintaining control over data on personal devices requires participation from employees to upload the data to a central location for company access. Employees may forget or simply grow tired of the extra steps required.

How to Combat BYOD

The most obvious answer is to provide employees with company devices for company work. Provide ample education on safety and best practices, as well as how to prevent security threats while traveling for business.

But if that’s not a route you’re able or willing to take, here are other suggestions:

Implement a Mobile Application Management protocol (MAM) that restricts access inside of files to need-to-know-only information
Implement a Mobile Device Management protocol (MDM) that can wipe company-related data on devices without damaging personal data
Require 2-factor authentication for work-related applications or sites
Utilize encryption before files can be opened or sent
Send reminders when it’s time to update Operating Systems
Educate employees on the importance of strong passwords (this includes changing default passwords)
Provide recurring training on ways to stay safe on mobile, tablets, and other personal devices

Most importantly, whether you decide to accept the bring-your-own-device movement or provide company devices, it’s critical that you have a disaster recovery plan in place. Things happen despite thorough training and exercising caution, and when they do, you’ll want to have thought of everything that needs to be done to prevent as much damage as possible.