With the advent of cloud computing and the widespread use of smartphones and tablets, companies today must deal with the issue of employees utilizing their personal mobile devices to conduct company business. According to analyst estimates, the enterprise BYOD adoption rate in 2014 was anywhere from 40-70 percent across all industries. In 2015, the trend continues to grow.
Research released by Osterman Research reveals that for every corporate-issued mobile device, there are now two personally owned iPhones, iPads, and Android devices. This statistic illustrates the fact that BYOD trends are likely to continue.
Inherent risks with BYOD
If the thought of data risk with BYOD adoption keeps you up at night, you are not alone. The possibility of data breach is real and immediate. As more employees use their personal devices for company business, risks can escalate quickly. What are some of these risks?
1. Lost or stolen devices: According to The Security for Business Innovation Council, a group of Global 1000 Information security leaders, the number one concern with BYOD adoption is lost or stolen devices. A smartphone left in a hotel room or taxi may contain sensitive company information. Found by the wrong person, this could represent a data breach nightmare. Osterman Research estimates that less than 1 in 4 devices like this can be remotely wiped by the device owner or the company whose sensitive data may be involved.
2. Vulnerable software: It is likely that your company has a policy to ensure that its internal hardware and software is regularly updated with the appropriate security patches to ensure safety and compliance with applicable regulations. Can the same be said for the personal devices of your employees? Employee failure to apply software security updates can put your company at risk. Third-party applications that are running on the devices of your employees allow you little or no control over software coding errors that can potentially expose your sensitive information to unscrupulous individuals.
3. Unprotected email: How many times a day do your employees check company email with their personal devices? If the employee does not have a PIN code to lock their device, anyone using that device automatically has free access to emails, even those containing sensitive company information.
4. Hotspots: Many employees may use devices that are set by default to identify and connect to open wireless access points when available. If this default setting is not changed appropriately, the device becomes vulnerable to man-in-the-middle attacks.
5. Storage Solutions in the Cloud: Dropbox and similar cloud storage solutions can potentially be vulnerable to unintentional data leakage issues. If your company is not providing a specified, secure storage solution for employee use, it is likely that your employees will, for the sake of convenience, use a less secure storage option which will put your data at risk.
Recommendations for BYOD agreements
If your company allows employees to use their personal devices for company business, it is imperative to craft policies and procedures to ensure the safety of your data and minimize risk. The Security for Business Innovation Council, in their report entitled, “Realizing the Mobile Enterprise”, recommends the following checklist:
- Ensure that your employees are responsible for backing up personal data.
- Clarify lines of responsibility for device maintenance, support, and costs
- Require employees to remove apps that might contribute to data leakage at the request of the organization
- Disable access to the company network if a blacklisted app is installed or if the device has been jail-broken
- Clearly specify the consequences for any violations to the company BYOD policy
Help is available
Because of the inherent risk involved, you may be less than thrilled with the prospect of allowing a BYOD policy. However, the truth of the matter is that convenience is a key motivator for employees to use their personal devices. Simply put, BYOD is likely a behavior that is here to stay. This being the case, having a well-defined company strategy to manage BYOD risk is essential.
The good news is that you do not have to navigate these waters alone. A professional managed service provider can provide you with the tools you need to address the risk.
What managed service can do for you
Here are a few things that GeekTek IT Services can do to bolster your security efforts:
- Design and configure a policy to manage mobile devices
- Secure, monitor, manage and support mobile devices and tablets
- Automatically configure email, access other settings
- Simplify the support of mobile devices
If you would like help with BYOD issues, please contact us. We are hyper-focused on the security of your business, and we will gladly work with you to manage the risks involved with BYOD issues.