With more employees bringing in their own devices including smartphones and tablets to work, businesses need to put in place policies and procedures to mitigate potential risks, according to global risk consulting firm, Protiviti.
According to the company, while BYOD appears to offer ease of use and procurement, without the appropriate tools and planning, it can introduce significant risks to a business – such as a blow-out in costs and time spent on securing, monitoring and maintaining company data.
Protiviti director of IT consulting, Ewen Ferguson, said that businesses have to consider the behaviour of the devices when it connects to a work network.
“Users do not want the inconvenience of strong security on their own devices. Combine that with users downloading potentially unsafe applications from numerous apps stores, the company’s data is at risk.
“If information is lost or stolen, even with a minor data breach, it can cost a business literally hundreds of thousands of dollars to fix,” he said.
Ferguson claimed that if organisations do decide to implement BYOD in their businesses, they should adopt ways to mitigate risks, such as develop, communicate and enforce a simple and understandable BYOD policy and make it clear to employees when, why and how they can access data.
He added that the BYOD policy should include password protection issues and the ability to remotely wipe the device if it is lost or stolen. Devices should be set-up with geo-location technology, so they can be found if misplaced.
Ferguson mentioned businesses should also clearly establish who owns what apps and data as there are significant legal and privacy implications of tracking or wiping users’ personal devices.
“One option is to make use of mobile device management solutions, which bring a robust level of security while allowing the flexibility that employees desire. This type of solution can separate personal and corporate data,” he said.
However, he also said that BYOD does present a huge opportunity for some companies.
“Organisations that support employee appetite for BYOD, offering both employee flexibility, corporate data protection and monitoring, are the ones that stand to gain the most. And those that don’t will be left behind,” Ferguson said.