BYOD Might Not Be a Good Fit for Every Business
The concept behind BYOD seems really good–employees bring their personal devices to work and use them to accomplish company projects. Initially, BYOD was well received, but after reviewing the security risks, more companies are opting out of it. Is there another way to use mobile devices at work without all the hassle and risks of BYOD?
According to CompTIA’s spring survey of 400 IT and business executives, 51 percent of respondents are opting not to do BYOD at all. Figures like this put a damper on the message of BYOD proponents, claiming that the use of personal devices at work was going to change the workplace forever. However, businesses aren’t “throwing the baby out with the bathwater” by giving up on mobile devices, due in part to all the benefits they bring to the table. Instead, we’re seeing companies take a different approach to mobile device use, namely, with CYOD (Choose Your Own Device).
In a CYOD work environment, employers provide company-owned mobile devices to their employees. Up front, this approach will cost you a little extra money, but it will save you much more in the long run when it comes to preventing costly security breaches. Additionally, there are measures you can take to personalize company devices for the employees, like letting a worker choose the device model that they’ll be using, and giving employees app store credit to purchase personal apps of their choosing (pending that they’re first cleared by your IT management team).
Personalized measures like this will give employees an attachment to the company-issued device that people tend to naturally make with objects they carry on their persons (take for example your favorite hat), while giving your organization complete control of how the device is used. This addresses one of the trickiest issues concerning BYOD, which is how to go about deleting company data on a personal device.
If an employee is let go, certain company applications and files will have to be removed, and if you attempt to remove company data on a personal device, and you happen to delete their personal data or view sensitive information, then your business will be liable. This could lead to a messy legal battle that nobody wants. With the device owned by the company, you can completely wipe the data off the device without consequence because it all belongs to the company. Of course, you will want to notify the employee of this before giving them the device so that they’ll be sure to backup any personal photos or files.
CYOD also provides employers with much more control over the device, which takes the guesswork out of knowing if an employee is or isn’t following company security policies. This level of control will help curb some of the worst security threats that come from BYOD.
According to Marble Security Labs, the worst BYOD threats include:
- Malicious apps published by hackers.
- Mobile attacks over SMS messages.
- A compromised WiFi hotspot.
- Hostile configuration profiles.
- Unencrypted email attachments.
- Backup hijacking.
Additionally, Marble Security Labs analyzed 1.2 million iOS and Android apps and concluded that business data is inadequately protected by consumer apps on BYODs.
When it comes down to it, BYOD isn’t a completely ridiculous idea. In fact, the benefits of BYOD may be worth the extra security precautions required to implement it. Alternatively, if you want to enjoy the benefits of BYOD, like increased employee satisfaction, productivity, and mobility, then going with a CYOD policy may be the easiest way to go about it.
To get personalized consulting to understand what is the best mobile device policy for your business, call Protek today at 801.999.4767
Eric is the owner and CEO of Protek Support and is a CISSP (Certified Information Systems Security Professional). He graduated from Utah State University with a Bachelors of Science degree in Business with an emphasis in Information Technology (IT). He is an IT Services expert in a variety of technology related fields. Some of these fields include document management software/hardware, enterprise level networking and VoIP phone systems, as well as large scale software implementation projects and the setup of small business networks.