There’s no doubt about it, Bring Your Own Device (BYOD) is here to stay. In fact, 90% of all US employees now use their own devices for work purposes, so it’s essential that your business is prepared.
By Sam Woodhams
Bring Your Own Device (BYOD) is the use of personal devices for work purposes, including anything from checking work emails on your smartphone to preparing for a meeting on your laptop. The chances are, you practice BYOD even if you didn’t realise it.
It’s easy to see why the trend has taken over: it saves you money as you don’t have to buy devices for all your employees, they can work on-the-go and you always remain connected. Plus, they can get to work on devices they know well, so you don’t have to spend as much time on training.
However, employees using their own devices can leave your company’s sensitive information and cybersecurity at risk. From lost laptops and stolen phones, to employees sending sensitive information on unsecured networks, BYOD can dramatically put your company’s security at risk.
With over two thirds of all small businesses registering cyber-attacks last year, it’s crucial that you know how to prepare for the worst and generate an effective BYOD policy.
Step 1: Consider the Risks:
The first step to creating an effective BYOD policy is to acknowledge the risks. Without considering them, your policy won’t protect against them.
Some important risks are:
- Lost Devices: if phones or tablets are lost or stolen, consider what information may also be lost with them.
- Scams: unprepared employees may fall victim to a phishing scam or man-in-the-middle attack, leaving your company’s data in the hands of the hackers.
- Dangerous Apps: not all apps are safe – some contain spyware, adware and even ransomware, which could bring your business to a standstill.
- Network Complications: with lots of different types of devices connected, your network may become less secure.
To combat the risks of lost and stolen devices, have a means of remotely wiping the data stored on the device. Then, even should the worst happen, your company’s data will stay secure.
Roll your sleeves up, get stuck in and make sure that both you and your employees understand the risks of using your own devices.
Step 2: Clarify Uses
You may think that personal devices will lead to an unproductive workforce, with employees spending more time checking their social media accounts instead of their work emails. If so, use your BYOD policy to outline which websites you deem to be acceptable for your employees to access while at work.
It’s also important to decide what company information will be available to which employees. This will depend on their roles, but it’s worth outlining which departments can access which documents on their own devices.
It’s worth considering locking highly sensitive information, like sales figures, so that they can only be accessed by company owned devices.
Step 3: Outline Best Practice
This is the most important part of the policy. You’ll need to outline what you expect of your employees and guide them on BYOD best practice.
Inform your employees about the importance of strong passwords and encourage all members of staff to use two-factor authentication so that their devices remain secure. Get everyone using the same technology, it will massively help your IT team.
Educate your employees about the dangers of using a public WiFi connection. If working remotely, make sure that your employees access your company’s information by using a trusted VPN server. This will enable your employees to work from anywhere in the world and remain secure while handling your company’s information.
Step 4: Communicate Your Policy
After the risks have been considered, the uses defined, and best practice highlighted, it’s up to you to effectively communicate your new BYOD policy to your employees.
Protecting your company’s data is a group responsibility and everyone at your organisation needs to be on board. It only takes one person to forget to implement a strong password or one email sent over public WiFi to leave your company at risk.
There’s no real way of stopping the rise of Bring Your Own Device and, although it has some obvious benefits, it’s essential that you prepare and draft an effective policy that helps protect your small business. Without it, your employees may use their own devices regardless and inadvertently put your information at risk.
Sam Woodhams is a researcher at TOP10PVN, the world’s largest VPN review and comparison site. He writes about issues of digital privacy and cybersecurity to help protect vulnerable communities from digital threats.