With the rise of smartphone technology, bring your own device - or BYOD - certainly cannot be ignored by businesses. Whether they endorse the policy of using personal devices for workplace tasks or not, employees will use the best tools, or those they are most familiar with, to complete tasks, which frequently means using their own smartphone.
Of course, this extends far beyond simply taking work calls. Smartphones in the workplace are now being used to access corporate applications and perhaps more importantly, the data that they contain. Disregarding the mobility benefits of BYOD, this raises a number of security risks that businesses must consider.
The reason why many businesses are adopting a formal BYOD policy is because the influx of personal devices into the workplace is difficult to prevent. With smartphones already here on mass, and tablets and wearables also popular, it makes more sense for businesses to create a formal BYOD policy than to struggle in vain against the oncoming tide of personal devices.
In addition, many organisations are now realising that BYOD, if managed properly, also comes with a huge range of workplace advantages.
- Productivity – One of the major benefits of BYOD is that employees get to use hardware that they are familiar with and comfortable using. Rather than forcing them to use a new device, for which they may need training, or at least time, in order to get up to speed, they can hit the hit ground running with their own smartphone. Furthermore, by giving employees the freedom to use their own devices, companies are displaying trust in their workforce. This can lead to much higher levels of employee satisfaction, which in turn boosts productivity.
- Cost – Bring your own device is also gaining popularity with IT firms because it shifts hardware budgets away from the business and onto the employee. Rather than having to shell out on new workplace phones for all employees, which they may not even want to use, employees pay all, or at least some of, the cost for hardware and associated services. Employees are, for the most part, happy to cover these costs, as they would often have been paying for the personal device in any case.
- Up to date – When compared to traditional business technology cycles, BYOD devices are often upgraded more regularly, due to employee interest in having the most cutting-edge hardware available. Of course, this means that companies also benefit from the latest features and the capability of working with modern software packages.
The security risk
However, the primary concern for all IT decision makers is whether BYOD introduces more vulnerabilities into the business. If employees own the devices that they use to access company applications, it makes the issue of who owns any associated data a little murky. This can cause real issues if an employee leaves the company but still has corporate data contained on his or her personal device. This information could easily be accidentally or deliberately leaked, leading to business ramifications.
Similarly, if workplace devices are stolen or lost, then any information stored on them is also at risk. With a personally owned device, businesses have less control on the kind of software being accessed and security protocols being employed. This leaves devices more vulnerable to malware, which could later be used to launch an attack on your business.
The foremost way that businesses are tackling the BYOD security risk is by implementing mobile device management (MDM) software. The main aim of MDM tools is to give IT department visibility without reducing employee freedom. Most mobile device management software enables businesses to monitor and track applications, letting them know who is accessing them, from which network and whether they are adhering to company regulations.
Businesses can also set limits on what software and files can be accessed by certain individuals, ensuring that data is only available to the relevant members of staff. Devices can be remotely locked, sensitive company information can be erased and rogue applications can be easily removed. MDM combines employee freedom with corporate security, which is why it is becoming increasingly popular with businesses employing a BYOD policy.
Choosing the right option
When organisations are looking to create a formal BYOD policy, it is important to remember the variety of options available to them. Firstly, there is the most well-known approach, BYOD, which refers to a situation where an employee is free to use any personal device of his or her choosing to carry out work tasks.
Alternatively, businesses may opt for a choose your own device (CYOD) policy instead. This looks to reduce some of the security risks involved with BYOD by offering staff a select number of devices from which to work with. Similarly, cooperate owned, personally enabled (COPE) devices are also gaining traction in the workplace. In this situation, businesses retain ownership of the device, but employees can use it as if it was their own personal device. Crucially, by retaining ownership of the device, businesses also keep ownership of any data contained within it, which can be a key security concern.
Ultimately, it will depend on the particular business whether a BYOD, CYOD or COPE policy would be most appropriate. In each case, there is a delicate balancing act between company security and employee freedom. Businesses that get it wrong are likely to generate further vulnerabilities, either by introducing unsecure devices into the workplace, restricting employee productivity, or pushing staff further towards shadow IT. Whichever route organisations decide to go down, they must be transparent with employees by fully disclosing their policy on workplace devices and remotely accessing data.
If they do so, then at the very least employees will have been informed regarding the security challenges and mobile opportunities that BYOD brings to the workplace.
Image Credit: Shutterstock/Rawpixel