Bringing Your Own Device to Work
Also known as BYOD, bringing your own devices to work is more popular than ever and the trend will continue. New technologies like Citrix and VMWare have made it extremely easy to work anywhere, on any device. The benefits are obvious to employers; employees can be more productive. But, are we overlooking the risks? BYOD is such a common practice, there is a Wikipedia entry, but within the four short sections, one addresses the issues:
BYOD has resulted in data breaches. For example, if an employee uses a smartphone to access the company network and then loses that phone, untrusted parties could retrieve any unsecured data on the phone.
Another type of security breach occurs when an employee leaves the company, they do not have to give back the device, so company applications and other data may still be present on their device.
Risks On Each Side
To protect themselves, employers are issuing BYOD policies to employees outlining the conditions, but these policies fall short in many ways. As employees use devices for both personal and business use, the borders that distinguish to two begin to blur. A slip up of mistaking a business email as a personal email is relatively minor. The biggest ambiguities involve security holes that develop from personal use which is a risk to the business and businesses provide services that employees might use for their personal life that can be taken away.
Security Holes for Businesses
When something is easy, we take the complications that can occur for granted. Then, when there is a complication, like a security breach, businesses are forced to react.
There is, and always has been, a tradeoff between security and easy of use. A door with 10 locks on it is probably secure, but unlocking and relocking the door would be inconvenient. With BYOD, businesses need to understand the security risk, do their best to monitor those risks and train employees on how they can help minimize those risks for the business.
Losing Services for Personal Use
Employees should also be trained on how to keep their personal communications and their business communications separate. Carrying out personal communications using business services puts the company at risk, but the opposite is also true. If an individual parts ways with a company, their personal communications can vanish. Imagine losing all of your calendar events and emails with healthcare providers. It can be devastating.
The Common Problem
Not explicitly stating what these policies imply, how these services work and probable scenarios at the outset of BYOD policies puts everyone at a disadvantage. To maintain the convenience of BYOD policies, proper training is crucial. If you need help implementing a BYOD policy in your office, we’d love to help. Not all IT and networking solutions involve massive infrastructure implementations. Sometimes, a little training can go a long way