Bring Your Own Device (BYOD) is part of many businesses’ technology network. We love our devices. We love being able to read tweets as we stand in line for our morning java, do quick work over lunch, and check emails while we wait for a meeting to start.
Unfortunately, BYOD poses huge security issues for businesses. Smartphone theft – with your customer data on the device – is one of the most common theft crimes. Lost smartphones in bars and taxis is frequent. Last year, over 10,000 smartphones were lost every month in Chicago taxis alone. One half of all street crime in New York City is smartphone theft.
What Can You Do
If you don’t yet have a thoughtful and thorough BYOD policy, set basic standards such as these:
- Ask employees to set a password/access code on their device. Make it harder for criminals to access the device’s content. It may give your employee time to wipe content before the crooks access your data.
- Use an app to locate the phone or tablet. One company, Lookout, has a version for businesses so an admin or the employee can locate a lost device.
- Educate employees about risks of downloading apps. Employees should only load apps from trusted app stores and after checking product reviews. Many apps are developed without any security checks embedded. This leaves an easy way for a hacker to access network information from a stolen device.
- Educate employees on safe browsing; it is more common to link to a malicious web site on a smaller device than on a laptop or PC since people are geared to taking quick actions on a mobile device.
- Consider smartphone antivirus software. Android devices are especially prone to viruses, since less development security testing is required.
Your 2015 Goal
Make a 2015 goal to assign resources or hire an outside consultant to develop a BYOD policy so you have a clear understanding of how to protect your network and information on mobile devices used by your employees.
You will want to consider:
- What data do you really want your employees to access on mobile devices?
- What will you do with the device when an employee leaves the company – do you buy it back so you keep the content or do you make sure the content is erased in the presence of your HR department during the termination interview? Just as you ask for employee IDs and keys back at termination, you need to manage the company content on BYODs.
- Do you allow all types of devices to be used, or do you limit the devices to the known safer ones?
These and more questions need to be answered and documented so you protect your assets. You want your employees to have easy access to do their jobs remotely, but remember that you own the data and should set the standards on when and how it is used.