A year ago, GadellNet posted about Bring Your Own Device or BYOD policies. We covered the Top 10 need-to-know factors. BYOD policies have only gained in popularity. And for good reason, the benefits of BYOD policies remain – flexibility and convenience for your employees, increased efficiency and connectivity, and better mobility without investing in new devices.
But there are a few drawbacks to BYOD policies as well, and the biggest one is the data security risk your company could be taking on. Today, we want to focus on one important question about BYOD policies – Is BYOD a security risk? This is what you should consider:
If you allow personal devices, and they are not part of your IT infrastructure, they will not be protected by your firewalls the way company issued devices would be. This means your employees won’t always be using the encrypted servers or VPNs as they take their work with them. This root issue is the cause for many of the other data security concerns listed below, including WiFi and Malware.
Your employees connect their personal devices to WiFi daily. They connect at home, at their friend’s house, and in public. In public, hackers can access a mobile device’s data through different strategies. If that mobile device has your company’s sensitive data on it, this data could be vulnerable. At the office, you may have it set up to so your employees can connect mobile devices to a secure WiFi network. This is a great first line defense as it pertains to the security risk associated with BYOD policies, but without that next step of security, your company’s data will be at risk.
When you allow employees to use their personal devices for work, viruses could become an issue and viruses can take data. You don’t have the ability to block websites the way you could on their company-issued devices. An employee could enter a suspicious website unknowingly and put your data at risk. If your employee doesn’t keep up on their device’s software updates, that could also leave that device vulnerable to a hacker or a leak.
Imagine this, you are at a meeting discussing a merger. The meeting has gone on for hours, so everyone decides to take 10 minutes to stretch and take a break. One of your employees leaves their phone on the conference room table. This phone holds some of your company secrets and important data. This phone does not have a PIN set up. Are you vulnerable?
Although this scenario is unlikely, it is possible. Maybe it’s more likely they leave their device on the bus or at a bar. If an employee doesn’t use a PIN to secure their phone or tablet, anyone could pick that phone up look through it, eventually finding data you needed to protect.
Much like not having a PIN, if an employee loses a device and you don’t have the ability to remove the sensitive information on that phone for security reasons, you could be vulnerable. Remote wipe of company information is key for secure data on mobile devices. Even if your employee does use a PIN for their device, there are ways around that. If the device fell into the wrong hands, you could have serious problems. This is more of a concern with personal devices than it is with company-issued devices because your employees take their personal devices everywhere and the security measures on a personal device aren’t the same as a company-issued device.
If you allow personal devices and an employee leaves, you can run into the issue of leaving your data vulnerable. If your employee leaves to join a competitor, it can be a real security risk because you really don’t want them to have sensitive data. With BYOD policies, there can be gray areas when it comes making sure that data does not go with your former employee.
So what GadellNet’s final answer to “Is BYOD a Security Risk?” We say, yes. BYOD can be a data security risk if it is not properly managed.
Mobile Device Management can take care of the security risks of BYOD policies. Mobile devices will be able to access corporate data without being a security risk in your infrastructure. Mobile device management gives administrators the ability have centralized app control. You will be able to push apps onto a phone that everyone needs, send notifications to everyone through a medium where they are sure to see it, and even wipe company data remotely if necessary. A Mobile Device Management program allows your employees to keep their personal data personal and you can keep your company data safe.