It could be argued that BYOD is the cause of IT’s biggest headaches in the past 10 years, but there is no denying that BYOD has transformed the way we work, and for many organisations, there is no looking back.
Mobile devices enable work to be done seemingly anywhere, anytime. Productivity goes up, while IT costs go down.
However, for roughly a quarter of organisations, BYOD remains a policy that is too risky to adopt. They consider personal mobile devices too insecure and unmanageable to be trusted.
These organisations do have a point. BYOD works properly only if all mobile workers in the organisation follow best practices for mobile security. Otherwise, the damage from security breaches is likely to outweigh whatever productivity and efficiency benefits BYOD delivers.
Keeping a BYOD workforce secure is not a trivial matter. The number of BYOD devices in the workplace is high and getting higher. The typical mobile worker is now carrying three mobile devices: a smartphone, a tablet, and a laptop. All must be secure. In the next few years, about a third of workers can be expected to adopt a fourth device: a “wearable” like the Apple Watch or Samsung Galaxy Gear. These devices connect to Wi-Fi networks, sometimes with and sometimes without the aid of a smartphone. They, too, will need to be secure. All these devices run different operating systems and apps, yet security must be comprehensive and consistent.
Hackers and criminal syndicates realise that mobile devices are the new weak link in many organisations’ security defenses. Accordingly, these bad actors are increasing the frequency and variety of their attacks. Mobile malware is becoming more common, stealthy, and sophisticated.
Another challenge: mobile devices continue to be lost or stolen. Because so many of those devices lack basic security features (or leave them disabled), enterprise content that is confidential ends up in the wrong hands.
What security measures should organisations put in place to counter these risks and make BYOD a safe, profitable choice?
Here are 8 best practices for BYOD security.
- Educate users about BYOD security risks and best practices. Make sure they all understand your organisation’s security policies, including policies for BYOD.
- Require devices such as smartphones, tablets, and laptops to lock automatically after remaining idle for several minutes.
- Deploy AV scanning on all mobile devices to catch and stop mobile malware.
- Ensure that private content is encrypted in storage and in transit on mobile devices.
- Use “secure container” technology on mobile devices to keep personal data and business data separate. Secure containers keep the organisation’s content in protected storage and memory. Even if personal data or apps become compromised, the business content remains safe.
- Deploy a system for remotely wiping (deleting) private data on mobile devices that are lost, stolen, or decommissioned. Be sure to inform employees that the mobile wipe system deletes only the organisation’s data, not their personal data. Experience has shown that many employees are reluctant to report devices lost for fear of having their personal data deleted. By limiting remote-wipe capabilities to the organisation’s data, you increase the probability of employees reporting mislaid devices promptly.
- Create a comprehensive secure access solution for all content that users might access on their mobile devices. In many organisations, content is distributed across different content management systems. Authorised users must be able to access all these systems easily but securely. When content is difficult to access, users seek work-arounds, such as copying files to free public-cloud services.
- Monitor mobile access to protected resources. Make sure that only authorised users are accessing protected content, and watch for anomalous behavior, such as access in the middle of the night or from an unfamiliar location.
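
The monitoring practice in the last item, sketched as an added example that is not part of the original article: a small Python check that flags access outside working hours or from a location a user has not been seen in before. The log format, the working-hours window, the baseline size and all sample records are assumptions constructed for illustration; timestamps are assumed to be in the user's local time.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records: user, local timestamp, country code, resource.
SAMPLE_LOG = """\
alice,2024-03-04T09:12:00,GB,/finance/q1.xlsx
alice,2024-03-05T10:40:00,GB,/finance/q1.xlsx
alice,2024-03-06T14:05:00,GB,/hr/policy.pdf
bob,2024-03-04T11:00:00,DE,/eng/design.docx
bob,2024-03-05T16:30:00,DE,/eng/design.docx
alice,2024-03-07T02:47:00,GB,/finance/q1.xlsx
bob,2024-03-07T12:15:00,BR,/eng/design.docx
alice,2024-03-08T03:10:00,RO,/finance/payroll.csv
"""

WORK_HOURS = range(7, 20)  # assumed policy: 07:00-19:59 local time is normal
BASELINE_EVENTS = 2        # assumed: events needed before locations are judged


def find_anomalies(log_text):
    """Return (user, timestamp, country, resource, reasons) for suspicious access."""
    known_locations = defaultdict(set)  # countries seen in non-alerting events
    event_count = defaultdict(int)
    alerts = []
    for line in log_text.strip().splitlines():
        user, ts, country, resource = line.split(",")
        reasons = []
        if datetime.fromisoformat(ts).hour not in WORK_HOURS:
            reasons.append("off-hours")
        # Only judge location once the user has a minimal baseline.
        if (event_count[user] >= BASELINE_EVENTS
                and country not in known_locations[user]):
            reasons.append("unfamiliar-location")
        if reasons:
            alerts.append((user, ts, country, resource, reasons))
        else:
            # Learn locations only from events that raised no alert, so a
            # flagged location keeps alerting until someone reviews it.
            known_locations[user].add(country)
        event_count[user] += 1
    return alerts


if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE_LOG):
        print(alert)
```
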
This list is substantial, but fortunately organisations do not have to implement these measures piecemeal. New mobile content security solutions offer all these protections, and more, in comprehensive platforms capable of managing all BYOD devices.
As these security solutions become more widespread and well known, perhaps more organisations will answer the question of whether or not to BYOD in the affirmative. Then it will not be a question of “To BYOD or not to BYOD,” but rather “How to BYOD Easily, Securely, and Profitably.”
Keith Poyster is EMEA MD at Accellion.