Allowing your workers to bring their own devices to work can boost productivity. Your workers will be best-placed to take up opportunities. To make sure your corporate network is not vulnerable, however, you should implement a Bring-Your-Own-Device (BYOD) policy.
The modern workforce is agile. Solutions in cloud computing are giving employers the ability to take up opportunities wherever they find them. For employees, this means work hours can be more flexible. According to a 2019 Forbes feature, 50% of companies with more 30 workers trust their own tech tools more than the ones used at the office. Even better, workers don’t require sophisticated devices to work; a smartphone is all you need; 60% of workers surveyed in that report actually used their personal smartphone for work. But should the employer allow this?
The truth of the pudding
Before you even take a corporate decision on whether or not to encourage ‘Bring Your Own Devices’ (BYOD) practices, there are a couple of things you need to know. The first is that it is probably happening already. The second is that it has a tremendous effect on your company’s data.
It’s already happening
With or without a BYOD policy, the reality is that many workers are already using their private devices to do work-related activities. There are different instances in which this occurs. One of them is when they send an email to a client outside work hours using their personal devices. Another is when they carry supplier list about in a pen drive which they then plug into any device they find. Another obvious example is when employees log into corporate social media channels using their personal devices like smartphones and laptops.
Some of these instances might prove convenient and allow workers to take advantage of opportunities as and when they occur. However, it is important to note that such devices could leave your corporate assets vulnerable. A poorly configured antivirus on a personal device is all a hacker needs to access your social media handles. If the device has already being infiltrated via email phishing, then hackers could steal your organisation’s login credentials without you knowing it.
Insider threats are the dangers posed by employees to an organisation’s security systems. From stolen login credentials to acts of personal employee vendetta, an organisation’s data could be vulnerable to employee actions and inactions. A 2018 Insider Threat Report presented by CA Technologies said up to 66% of surveyed correspondents identified insider threats more likely to happen than external cyber attacks. Because personal devices like laptops are less secure on the average, having employees access sensitive data outside the corporate network poses an even greater risk.
There are many positives
As enumerated above, allowing workers to bring their own devices has many positives. From cutting down on the cost of company IT infrastructure to creating a flexible work environment, working with personal devices can give workers an added advantage to be productive. Also, workers are more comfortable using their own devices. As an organisation, you should take concrete steps to leverage these advantages while mitigating the cons.
Institute a BYOD Policy
For some employees, BYOD is inevitable because of the nature of the working environment. Co-founders of start-ups, for example, operate on their own laptops and mobile devices. For other organisations, the rise of the remote worker means workers don’t have access to office equipment; this means they encourage BYOD. Allowing your workers to use their own devices also cuts down on cost of IT infrastructure. But that should not come at the expense of security.
Start by setting out a Bring Your Own Device (BYOD) policy at the workplace. This is the foundation for protecting sensitive corporate data. Important elements to include in your BYOD policy is what kind of devices can be used for work-related activities and who can use them. Some big corporations make a case for Apple devices being more secure than other brands.
In addition, your BYOD policy should also include a Mobile Device Management software that allows you to control and monitor how sensitive data is shared on personal devices. With an MDM, it is possible to remotely delete files when a worker’s computer is stolen or missing, for example.
To improve overall security, it is best to ensure that all workers use trusted antivirus/anti-malware software. This allows the organisation to run automatic updates on all the individual devices regularly.
Imagine a boss perched over your shoulder watching every webpage you visit. Or an application that records every key stroke you make without your knowledge. You are likely to freak out. Nobody likes a boss who snoops about on them. Such BYOD policies can strain relationships and cost the company in productivity goals instead of boosting performance. Let your employees be on the-know about what monitoring tools you are using to ensure they meet their security obligations. Whoever disagrees doesn’t get to use his or her personal device. Likewise, institute a fair punishment scheme for recalcitrant employees. Don’t create arbitrary rules as and when they occur; you run the risk of being unfair to your employees.
Create a Cyber-conscious workforce
Members of your IT department are very likely to be aware of the potential evils lurking in the cyber space. But what about the Sales Intern who plugs any flash drive into the office computer? Getting such ‘non-tech savvy’ persons to appreciate the importance of staying alert is necessary for securing your company’s data. By enforcing an antivirus/anti-malware policy and teaching them to change their passwords regularly, your BYOD policy can help nurture a sense of cyber-security in their daily lives. Not only are they learning for their own good, but your company data become secure in the process.
Whether or not you employ BYOD policies, you should encourage your staff to use double-factor authentication. Double-factor authentication instructs service providers like Facebook and Gmail to send a verification code to a specific phone number whenever you try to log into your account. In this case even if a hacker has access to your employee’s password, the employee will be able to deny access to the account when the verification code comes to his or her phone.
It is easy for some executive managers to be careless with their credentials. Some go about logging into different machines on the work premise assuming everybody’s device is safe. Because such persons are exposed to sensitive data, any lax in security could have a profound dent on the continuity of your business. Your BYOD policy should make such senior staff and executive managers responsible for their actions. Such persons should not log into any other device other than their official devices in order to keep company data safe. Those who manage corporate assets and social media platforms should use only specific devices at the work place.
Also, assign roles to your staff such that workers only have access to data they need. A marketing intern has no business having access to employee social security and banking details. Segment such data and make sure that it is reviewed on a regular basis.
Be proactive with security
An agile business is best-placed to take advantage of business opportunities. That notwithstanding, it is important to establish a BYOD policy to improve the security of employees and the data they access. Such guiding policies should be transparent and friendly. Note that the more endpoints you have on your corporate network, the more potentially vulnerable spots you have. Make sure you are not exposing your business with the excuse of having advantage over your archaic competitor. Create and enforce a BYOD policy.