The Security Impact of BYOD on Small to Mid-sized Businesses
Today’s employee is more connected and mobile than ever. Whether it’s at home or the office, they’re always online. In fact, many employees now walk around with several mobile devices, a personal one and a business one, which can be a real annoyance.
That’s why many businesses, large and small, are embracing the BYOD movement – that’s Bring Your Own Device. Yet this convenience is a real headache for security professionals. They’ve got to balance the security of the data being transmitted with the freedom employees want. It’s a constant struggle between technology and privacy, intellectual property and freedom.
If your business is looking at BYOD for your employees, here are a few questions to keep in mind.
1. What are the issues with BYOD in the workplace?
BYOD has three big issues for businesses:
Access to the device: Employees tend to be more relaxed and casual about their personal devices. They’ll leave them unattended on a table in a public place or let their children play games on them. Either is a big problem for you, as it opens your business to risks that are out of your control.
Secure access to the network: Employees use their mobile devices to access everything from their corporate email to network gateways and more. Good for productivity, but a nightmare for security professionals. Finding the best security systems that work for your business is critical.
Ability to detect issues when they arise: Knowing when issues happen is important for your business. Your IT support teams want to troubleshoot issues immediately so that downtime is kept to a minimum. However, there can also be legal implications to any issues. That mainly depends on the type of information you deal with, so having a clear understanding of what you need to do to keep it safe is also critical.
2. Should you accept BYOD?
Yes, BYOD apparently increases employee morale and job satisfaction (at least according to Gartner). You’ll probably get through more of those innovation projects you never had time for before. Employees save between 45-60 minutes each week by having “any time, anywhere” access through BYOD.
Note: One thing businesses should not always bank on is the cost savings they may enjoy by using a BYOD policy. Initially you’ll see some cost savings because you’ll be buying less hardware, but you could more than make up for it in extra support and data services costs.
3. Why should a business have a BYOD policy?
Creating a BYOD policy is often skipped for the very reasons that you should create one. There may simply be too many variables to consider, for instance:
- The legal implications for your firm because of what your employees do on their phones.
- Consider how you deliver business apps to employees. Do you set up an app store that only employees can access? Or do you rely on the public one?
- And what about the policing guidelines you’ll need to create, implement, and enforce?
You can get a headache just thinking about all these things.
It’s an important exercise for any size business, including small to mid-sized businesses. Thinking about legal, IT, and finance implications doesn’t have to be complicated.
4. What should I include in my BYOD policy?
Security: A robust layer of security between the devices and your network helps you control access to the network effectively. You’ll be able to prevent unauthorized access and data loss. People don’t like passwords and lock screens on their personal devices, but it’s vital to enforce this.
Allowed Devices: Decide which devices will be allowed under BYOD. Make it clear to employees which ones you’ll support and which ones you won’t. If you don’t, you’d be amazed at the number of different devices that will show up and people wanting tech support for them. Not to mention what kinds of problems they can inadvertently cause on your systems. That all adds up in costs: hard costs (salaries) to fix things that break and productivity time lost from people with unapproved devices who can’t access your systems.
Communication: Explain your policies not once, not twice, but as often as necessary so everyone has a clear understanding. Staff should be able to tell you what your firm’s policies are, how the policies affect them directly, and what the consequences are for losing a device or using an unapproved one. Hearing “But I didn’t know!” when something goes wrong will become the exception, rather than the rule.
Bonus Tip: Include BYOD in Your Existing Acceptable Use Policy
Knowing what to include is one of the more confusing aspects of a BYOD policy, as the lines between business and personal use are becoming blurred. Your firm doesn’t own the device they’re using, yet it’s still considered a corporate device under BYOD, which means it falls under your existing Acceptable Use policies. If you’re using BYOD, then it’s time to update those policies.
Here are a few questions to consider:
- What if an employee forgets they’re connected to your network and browses objectionable websites?
- What if they transmit inappropriate material over your network?
- What sanctions are there for such activities?
- What monitoring tools are you using to detect such activities?
Are You Ready to Go BYOD?
Allowing employees to use their personal mobile devices as their business device is growing in popularity. Employees like it because it reduces the number of devices they have to carry, yet many businesses are scared to offer it because of the security implications. With a little bit of research and planning, you can create a clear and understandable BYOD policy that meets your security needs, yet gives your employees the freedom they’re looking for.
It is really important for businesses to take control of their networks.
Kerio Control and Kerio Connect support BYOD management solutions for businesses to control and manage employees’ devices on company networks.