IT infrastructure extends far beyond the office these days. Business-on-the-go once referred to the travelling salesman, checking in with the boss at the next pit stop with a payphone! Today, people can check-in to the office from virtually anywhere. Remote working, working from home and digital nomads are all viable and common work practices made possible by unified communications, multi-device software and continuous improvements in consumer technology.
Do you bring your mobile/laptop/tablet to work? Do you access work-related data and applications from your personal device? The BYOD (bring your own device) culture has gathered momentum, but businesses should be aware of the implications it can have on your IT security.
BYOD is a practice that is expected to continue to grow in popularity. The United States is leading the way, where 87% of companies rely on their employees using personal devices to access business apps. This is becoming less of a choice and more of a requirement. There are many reasons for the BYOD explosion:
With annual licencing costs, software updates and maintenance costs, IT resources can be expensive. BYOD decreases the investment businesses make on IT. Not only is this good news for the business, but it is easy to put into effect because nearly everyone has a smartphone.
According to Deloitte:
“90% of Irish adults have a smartphone while the number of people with access to a tablet has increased from 64% to 71%. We are increasingly using our phones and tablets for purposes which we traditionally used PCs and laptops for including work.”
Not only are Irish people already using their phones for work, they are also likely to look for a device upgrade 12 months after their initial purchase. It follows that consumer technology is often further developed than the typical company-wide IT infrastructure. Few Irish companies can keep their technology this up to date.
There have been a number of studies conducted on this subject, with Cisco finding that on average employees saves 81 minutes every week in productivity if they are using their own device. This is attributed to ease of use. People are familiar with their own device and do not need user training to navigate the interface. Not only does this feel more comfortable, but it offers people the potential for a better work/life balance.
This leads us back to business-on-the-go. Employees and employers benefit from the flexibility of being able to work outside of the office. Take ‘the beast from the east’ as an example! People all over the country were forced to stay at home, many for at least three working days. BYOD and the ‘anywhere access’ it provides makes unpredictable occurrences such as this a non-issue.
What happens if an employee loses their device or it is stolen? Are devices used for personal reasons more likely to encounter malware? These are justifiable concerns for any business.
The primary risks associated with BYOD are:
The importance of IT security has become increasingly apparent since 2017, the year which reminded businesses all across the world that cyberattacks are a real and constant threat. So, where does BYOD fit into IT security? The answer is the combination of a strong mobile security solution and a clear BYOB policy.
It is essential to choose an enterprise-grade mobile security solution for your entire mobile infrastructure. Comprehensive end-to-end security ensures that there are no vulnerable links in your network and continuously scans traffic for usual behaviour. While defending your devices from malicious attacks, a sophisticated mobile security solution will enforce your security policies across all devices and users.
BYOD should not be a free-for-all, although right now in many businesses it is. This is simply because of the enduring fact that culture struggles to keep up with technological developments. However, a simple and straightforward BYOD policy can get everyone quickly up to speed.
In the policy, outline exactly what is an acceptable use of BYOD for your company. Assume your sensitive data will go everywhere: to the user’s home, on their commute to work, to cafes and restaurants, and probably even on holiday. It may be helpful to list the applications that are permitted during work hours, and others which are not.
Remember that personal devices are notorious for distracting users towards personal errands, so a clear statement of the company’s opinion on this kind of activity during work hours can be worthwhile. Alongside this should be the usual necessary references to appropriate behaviour in the workplace.
Does the company offer any kind of reimbursement towards the cost of the device? Typically the user’s device will need to store business applications which eat up storage and energy. Determine what exactly are the company requirements from the user’s device and from there decide the level of reimbursement necessary.
What devices does the company support? Who is responsible for technical issues? What problems are the IT team’s responsibility? These questions need clear answers to avoid confusion when an issue does arise.
As with the company computers, it is a good idea to have a security guide for BYOD users. This section should include recommendations for setting and storing passwords, device security settings, application privileges and general mobile security awareness.
This section should define what happens if various unfortunate events should arise. Recommendations should be made about what course of action the user would take and what the company’s response would be. The company’s right to access data and wipe data from devices should be defined. Equally, the protection of users’ personal data should be guaranteed. Where liability falls for each eventuality should be stated and what rights the company reserves in worst-case scenarios.
With the right framework in place, both employers and employees can benefit from a BYOD practice. Setting boundaries and implementing security measures will ensure there are no inherent risks, leakage, or misunderstandings. Get in contact today to strengthen your IT security against cyberattacks and network security breaches!
Are you looking for a company to take your IT support to the next level? Make sure to give us a call on 01 664 4190 or contact us for a chat about your IT challenges and needs. We are always happy to offer some sound advice on how you can best support your growing business.