Four BYOD Questions You Need to Be Able to Answer

Check your schedule. Pay for your coffee. Read the news. Check the weather. Hail a cab. Jump on a video call. Email your mom. Ten years ago, most people used multiple mediums to accomplish these routine tasks: paper, computer, TV, phone, webcam, etc. Today, many people are using a single device to complete the many tasks that fill their days — and the lines between personal and work use are blurring.

Implementing a bring your own device (BYOD) policy at your company has its advantages — employees can be productive even when they’re on the go, for example — but it comes with risks too. From ransomware to data breaches, there’s a lot to be concerned about.

To even begin to mitigate those risks, you need to make sure you’re able to answer the questions below.  

Do You Know Who's Prying?

Imagine this scenario: One of your sales reps is on the road, but she needs to access and update a contract that lives on your local network. She stops at a coffee shop and connects to its public WiFi. Little does she know that the WiFi hotspot is also the target of a hacker who is swiping unencrypted data from everybody who’s connected to that router. The data sent and received by your sales rep can be easily poached by the hacker and released to the public on the internet, sold on the black market or held for ransom.

Public WiFi hotspots can be scary places to connect, not because of the location but because you never know who is there to do more than check email. That’s why it’s important to have your employees use a virtual private network (VPN) to connect to the company network remotely. A VPN encrypts the data moving between the employee’s device and the company network, making it much more difficult for a hacker to access the data.

Do You Hear About It When Employees' Devices Go Missing?

Think you felt bad when you recently misplaced your iPhone? How do you think one Apple employee felt when he left an iPhone 4 prototype in a bar in 2010? Lost or stolen devices can give just about anybody instant access to company data if the devices aren’t properly secured. In fact, almost 70 percent of data breaches in the healthcare industry between 2010 and 2014 were caused by stolen devices. A $700 iPhone can feel pretty insignificant compared to millions of dollars in data recovery costs.

Personal and company-provided devices alike can easily go missing. A misplaced smartphone is practically inevitable. However, even minimal security practices can help keep devices from turning into goldmines for hackers. Locking functions such as the iPhone’s PIN code or the Android’s pattern lock can keep people out, while a remote memory wipe program can go a step further by deleting the device’s data from afar. Even if a hacker does gain access to the phone, there won’t be any data for them to corrupt or hold for ransom.

How Often Do Employees Update Their Phones?

Unlock your iPhone and open the App Store. How many updates are waiting for you? Are you using the latest version of your operating system (OS)? Some of us obsess over getting everything updated as soon as possible, but not everybody is in a hurry when a round of updates appears in the queue. Many people resist updating apps and OSes because of functionality problems caused by past updates.

However, not updating OSes and apps can leave devices vulnerable to attack. Most updates exist to fix known glitches or close security vulnerabilities rather than to add or remove features. Even traditional PCs require occasional updates to improve security — smartphones, tablets and apps are no different.

If an OS update is released, have your IT department test it to make sure it doesn’t affect the functionality of any business-critical apps your BYOD employees use. If there are no issues, inform your employees that they need to run updates as soon as possible to help keep company data secure. Also remind employees to routinely update their apps to close any known security holes.

Who's Downloading What?

Daniel was really interested in a particular smartphone app’s organizational features, so he didn’t pay much attention to the terms and conditions or the permissions he allowed when he downloaded it. Daniel unknowingly gave the app access to every bit of data on his phone — from web and search history to emails. What started as a quest to be more productive led to the risk of company emails with sensitive information landing in the wrong hands.

Apps that request broad permissions can be especially problematic if your employees access company email through their device’s built-in email app. These apps typically store email data locally on the device, meaning another app that’s been given access to that data can give hackers or malicious developers the ability to browse confidential corporate emails.

Your employees should always be careful about what they’re downloading to their personal devices, but you should have an acceptable use policy if they’re also accessing company emails or networks from the same devices. Require employees to double check the permissions and validity of every app they use. While it might be tedious and require the deletion of a much-enjoyed app, a security breach sourced from a remote personal device should be treated no differently than an on-site security breach.

Despite the risks, BYOD offers small- to medium-sized businesses an excellent way to avoid the costs associated with purchasing and servicing company-owned devices. However, without strict BYOD policies and procedures, you’re susceptible to data breaches that can turn into nightmares. 
