
There’s a rising number of mobile application users in the workplace—but that doesn’t mean employees are chasing down virtual creatures in the board room or behind the water cooler. They’re more likely using their smartphones and tablets to collaborate with coworkers, submit expense reports, optimize pay-per-click campaigns, check e-mail, keep up with customers…and the list goes on and on.

Mobile-for-work practices are becoming more commonplace, and businesses are establishing BYOD (bring your own device) policies to help mitigate the risks inherent in employees’ professional use of their personal devices. There’s simply a lot of grey area when it comes to people’s smartphone and tablet activities—one minute an employee could be using Google Docs to update a quarterly report and the next they could be accessing Wi-Fi to download a podcast to listen to on their commute home. In the process, a mix of personal and work-related data is getting stored together and it’s hard to guarantee it’s secure.

Business Owners: Plan for the Mobile Invasion

If you haven’t already enabled your employees to use their own devices for work purposes—or even if you have—it’s critical you’re somewhere in the process of developing security procedures. The article Top 6 Cyber Security Tips For Businesses discusses the importance of safeguarding mobile devices to protect your organization against data loss and corruption. And this is only going to get more imperative. Consider these insights from Gartner:

  • By 2017, half of employers will require employees to supply their own device for work purposes
  • 38% of companies expect to stop providing devices to workers by 2016
  • While BYOD is most prevalent in midsize and large organizations ($500 million to $5 billion in revenue, with 2,500 to 5,000 employees), BYOD permits smaller companies to go mobile without a huge device and service investment.

Here are some things business owners should keep in mind while developing BYOD policies:

1. Know the Risk Factors

Cybercriminals are getting more sophisticated, and they’re targeting the newest forms of technology—and their users—in increasingly cunning ways. Mobile devices are especially vulnerable to data breach, fraudulent attacks, data loss, and a host of other security nightmares. Here are a few reasons why:

  • Unsecured WiFi – Users may hop onto free or public WiFi that’s not sufficiently “locked down,” making it easier for schemers on the same access point to snoop on their device’s activity.
  • Suspect Apps – Many free apps contain adware or spyware (and possibly malware) that collects data on a device without requesting the owner’s permission.
  • Savvy Device Owners – Some people, who may or may not be in your employee ranks, may know how to work the system in order to have more control over what they can install—or what company resources they can access through the device once it’s connected to the network. They may accomplish this through jailbreaking (removing the limitations imposed by the device maker) or rooting (giving themselves administrator-level permissions).

2. Know Your IT Infrastructure, Capacity, and Capability

A mobile workforce can be productive anytime, anywhere. Is your infrastructure set up to manage the around-the-clock demands of workforce mobility? Among the things your IT team needs to know…

  • How many devices will be accessing your network
  • How to monitor the state of each device accessing the network and know whether it is an approved device
  • How to identify personal- versus corporate-owned devices and know how to isolate corporate data on the device and hide any personal information from IT administrators
  • How and when to apply and manage security updates
  • How and under what circumstances to restrict the use of mobile/cloud storage apps and put restrictions on sensitive data
  • How to set up and/or limit device, app, and data access permissions
  • How to disable or terminate an employee’s access to any data, apps, local drives, etc.
  • How and when to remotely wipe a device (i.e. delete corporate data like e-mail and contacts) in case it’s lost or stolen

3. Know What a BYOD Policy Should Include

Effective policies and procedures will be easy to understand. They must clearly communicate the boundaries related to device use and the consequences of a violation. Examples of user guidelines:

  • Types of devices – List explicitly which devices are allowed for use at work as well as any specific device must-haves, such as minimum requirements for operating systems.
  • Use of devices – Spell out what the user’s own responsibilities and risks are with respect to accessing the network and company data on their mobile device. Provide sign-in instructions including when and how often they need to verify their identity.
  • Use of Platforms and Apps – Specify which platforms will be supported and how, and what service levels they should expect. Be clear about what apps are acceptable and/or compliant.

4. Know What Technology Can Help

There are several solutions in the marketplace that make mobile security easier to manage. What you use depends on your company’s needs, employee base, IT capabilities, and even industry. Solutions like the ones listed below might be employed on a standalone basis or in combination with others:

  • Enterprise Mobility Management (EMM) software helps IT monitor and detect risks before they have a catastrophic effect.
  • Desktop Virtualization and Secure File Sharing tools help ensure business information remains secure within the datacenter.
  • VPN solutions act as gatekeepers, granting remote users access to network resources and verifying that the data being transferred to and from their mobile device and network is encrypted and permitted.
  • Network access control (NAC) technology can be applied to authenticate people connecting to the network and check whether their devices have up-to-date antivirus software and security patches.

5. Know How to Protect Your Business

Acadia Insurance provides property and casualty insurance products to businesses, which may include Privacy Breach & Cyber Liability coverage. Appointed independent agents are available throughout the Northeast to help you; click here to find one near you.


