With the U.S. mobile worker population set to surpass 105 million by 2020, it is clear the mobile-first workforce is here, and it’s here to stay. With increased mobility also comes a growing trend of employees bringing their own devices into the workplace, demanding greater access to company data through their device of choice.
As seen in many recent studies, Millennials in particular expect mobility, and they are now the largest generation within the workforce. Enterprises need to begin preparing for this more mobile-first workforce, and with that comes BYOD programmes. But allowing employee-owned devices doesn’t mean a company has to accept the risks they can bring.
Through educating employees on how they can help keep company data secure and implementing a BYOD programme they understand, companies can reap the benefits of this mobile workforce. Here are some insights on the threats companies can face through limited or no BYOD policies, and tips on how they can create a strong BYOD programme to better ensure company data remains secure.
Do you know where your devices are?
One of the biggest problems companies face is not knowing how many employee-owned devices are being used for workplace functions. Instituting firewalls or banning certain devices doesn’t work-- employees will always find a way in. The solution isn’t to ban certain devices, it’s to find a way to deal with the risks they can present and have back-up plans in place. The best way to go about this is to let employees know what responsibilities BYOD will place on them. Some liabilities include:
Employees should know that using their devices outside of work hours to do work could get them in trouble with overtime laws.
Employees should be made aware of any legal responsibilities regarding the protection of company data, proprietary information, data security and confidentiality when they work on their own devices.
It seems strange, but employees could run into copyright or license infringement if they use certain apps for work-purposes (instead of personal use).
Companies should clearly outline their BYOD policies for the workplace for all employees to not only increase understanding, but to also give them the opportunity to use their device of preference without harming the company. Some considerations companies need to communicate include: whether or not employees can use open connections – or stick within encrypted ones – when trying to access company data; insights on password protection and how employees can create stronger passwords; whether or not the IT department should be made aware of these passwords.
There should also be procedures to follow if their device is ever lost or stolen. Employees should have clear insight as to whether the employer is allowed to monitor employee use of their devices -- if a company wants monitoring allowed, it needs to be thoroughly explained. They should also have insight as to how a company will gain access to company information on any employee device after they leave the company.
Another way to ensure employees are aware of the risks of bringing their own device, (and to keep information secure) is to get training in early, and make it readily available. As soon as a company decides to implement BYOD, it should host a company-wide, in-person training session. It should allow employees the opportunity to ask questions and find out all about the details of the programme and get a chance to ask any questions. This will help make any transitions to BYOD much easier, and increases the chances of success of the program.
You CAN maintain the balance between BYOD risks and security
BYOD certainly has its risks. However, companies can contain them if they maintain open communications with their employees and have plans in place. Placing responsibility on employees to understand and abide by company BYOD policies, educating them on ways they can use their own devices and teaching them how to keep company data secure are all ways the enterprise can maintain the balance between risks and security. BYOD is a big part in the future of enterprise mobility, but it doesn’t need to include security pitfalls along the way.
Mitch Black, President, MOBI
Image source: Shutterstock/Chinnapong