Trusted Mobility: Top Tips to Ensure Bring-Your-Own-Device (BYOD) Security
Organizations everywhere have discovered the many benefits of today’s mobile data availability. Team members, now are able to instantly access the company IT infrastructure from any location and can deliver both customer service and actionable intelligence on a far more consistent, rapid and flexible basis. Productivity is increasing and the effective creative power of a single user is growing by leaps and bounds. Best of all, many of the costs associated with enterprise IT infrastructure are disappearing as less expensive smartphones and tablets begin to replace the prior generation of desktop PCs.
Computing is also becoming more personal. As a natural extension of enterprise mobile computing, over 60 percent of employees worldwide now report regularly using their personally owned mobile devices at work. This trend, generally referred to as BYOD (Bring Your Own Device), offers many continuing benefits: more productive and satisfied employees, the ability to keep up with the latest and most popular platforms, as well as cost savings stemming from employees purchasing their own devices and data plans.
However, the very qualities that make data mobility so attractive and convenient also introduce new potential security, cost and liability risks. From mitigating loss and theft to ensuring regulatory compliance, defining and defending trust in mobile information remains a growing challenge for organizations at the leading edge of this technology trend. Don’t become a cautionary tale for unprepared mobility. Unleash the power of your BYOD networks by following these strategies for secure and safe mobile device management.
Tip #1: Plan for Employee-Owned Mobile Devices to be Lost or Stolen
Mobile devices today are a natural fit for the business traveler, providing an easy route to vital information and communication while on the road or in the air. However, travel also offers one of the most robust opportunities for thieves eager to steal valuable electronics.
Over 40 percent of reported robberies in New York City involve the theft of smartphones. In Washington, D.C., the rate of mobile phone theft jumped by 54 percent between 2007 and 2011. Portable, small and valuable, these devices represent lucrative targets for enterprising pickpockets.
And theft is not the only problem – mobile devices are often lost. A recent study documented over 7,000 devices lost in seven major U.S. airports over a twelve-month period, a number evenly divided between laptops, smartphones and tablets. Theft and loss will happen. Be prepared with a solid plan of response.
Tip #2: Back up Your Data
Is your company’s data being securely stored and protected in an industry-standard facility, or is that all-important spreadsheet stored only on someone’s iPhone? Don’t wait until a loss is reported to find out. Implement infrastructure and policies to ensure that your organization’s information is regularly backed up.
Tip #3: Create a Comprehensive BYOD Policy
It is estimated today that up to 80 percent of organizations that rely on personal mobile devices have no formal, clearly stated policy outlining the security requirements for using them.
What forms of encryption will your organization require for managing company assets? What minimal security controls will be necessary before an employee-owned device can be certified for work use? If the employee leaves the company, or if the device is lost or stolen, what rights and abilities does the business have to remotely erase confidential data stored on it? How is acceptable use defined in terms of company computing? Answer these questions early and comprehensively.
Tip #4: Enforce the Policy
In a recent survey, over 50 percent of 3,200 respondents stated they were fully prepared to ignore security and usage policies regarding their use of personal mobile devices at work. Your BYOD policy does no good if it is not vigorously enforced. This task can be effectively automated via many currently available third-party mobile device management (MDM) software systems.
Tip #5: Keep IT Support Open
One of the most attractive benefits commonly touted for BYOD programs is the ability to cut the number of resulting help desk IT support requests. However, you should work to keep lines of communication and support open. In a survey, 14 percent of respondents indicated that they would not inform their employer in the event that their device was compromised. If you are not careful, the support costs that you save today can return to you with hefty interest later.
Tip #6: Don’t Limit your Policy to just Mobile Devices
An effective BYOD policy is not a device use policy, but a data use policy. More and more, mobile data usage is extending well beyond the scope of the personal device and into the cloud. Write your BYOD policy to include use of company data in online services such as Dropbox and Google Drive – any environment that may host mobile data outside the walls of your company’s IT infrastructure.
Tip #7: Set Boundaries
Often times, BYOD vulnerabilities arise from employees being unaware of the technology policies in place, or being unaware that they will be fully enforced. Establish a program of employee education that covers all of the essentials: how to securely store data, what security expectations exist, how the company can access and control data being stored on personal devices, and who owns the information being stored. Set boundaries with clear and unambiguous guidance.
Most new mobile device purchases are motivated by the desire for upgraded features, new technology, faster and more robust performance, or simply to enjoy the latest version of a popular platform. With the rapidly evolving mobile electronics landscape today, older devices are discarded relatively often. But what happens to them after they have been replaced?
The truth is, with the right technology and knowledge, data can be retrieved from even an erased smartphone in under three minutes – a serious danger for BYOD-reliant companies, considering that an estimated 50% of IT devices purchased on the Internet today still have data on them. To fully protect your company’s assets, provide a secure IT asset disposal program that enables your employees to safely and conveniently retire their old devices.