Precis

In today’s ever-changing world, many businesses struggle to keep up with technology advances, and employees increasingly prefer to use their own personal devices. Ubiquitous use of BYOD at work is a natural progression, and increasing numbers of companies are now allowing employees to use personal devices to connect to corporate networks. However, comparatively few have implemented measures to mitigate the security risks inherent in BYOD initiatives in the workplace.

What?

Employees increasingly seek flexible work options and the ability to work remotely. Using the same mobile device at home or in the office can allow for enhanced efficiency and output. Employees no longer want two devices to lug around; they want a single device that allows them to achieve everything!

However, combining work and personal functions onto a single device presents various challenges for most employers. For example, it can be difficult to know if an employee tapping away on a phone is working or messaging friends, or an employee may inadvertently send social networking posts from their corporate identity instead of their personal account if both are configured on one device.

Security is also a major concern for employers. If an employee’s device is not adequately protected (for example, by sufficient password protection or anti-virus software), hackers and viruses may be able to access company information or cause serious damage to the company’s IT systems.

Despite the risks and challenges, BYOD has become an inevitable trend that can present many advantages, provided employers adequately prepare. It can be less costly for companies to introduce BYOD, rather than constantly purchasing new hardware. Additionally, employees often own newer and more advanced devices than the business already has, or can afford to purchase. There is also the benefit of increased employee satisfaction, as generally they feel more familiar with using their own devices.

Although technological advancements bring with them increased exposure for employers, in reality both are inevitable. Rather than resist change, employers should embrace the use of BYOD but be sure to implement smart working strategies to mitigate any potential risks.

So what?

UK employers introducing BYOD should proactively assess the risks, take careful due diligence steps and develop strict guidelines and a BYOD policy.

The key aspects to consider are as follows:

  1. Analyse the organisation’s risk profile, i.e. what sensitive data/information the company holds and which of its functions could be targets (e.g. financial or customer/client information).
  2. Plan for security incidents. This could include retaining the right to examine employee devices when an incident occurs and having a clear policy about liability for lost data.
  3. Ensure employee devices are secure. This could include requiring all employee devices to be password protected and to have adequate anti-virus/anti-malware software.
  4. Ensure network security is tightened. This could include encrypting sensitive data and preventing local storage of company documents.
  5. Ensure all data protection requirements are addressed. If the organisation accesses employees’ personal data from their devices, it will need to state the purpose of the data collection in its BYOD policy. Organisations will also need to consider whether they are required to delete any personal information obtained from the device and how they will retrieve company information from the device in the event that the employee leaves the organisation.
  6. Consider what data will be uploaded to employee devices and whether the business has authority to collect that data.