Have You Thought About these 4 BYOD Risks and Concerns?
BYOD programs have become notably popular in the past few years. The top motivations for adopting BYOD are employee satisfaction, increased employee mobility, increased productivity, and reduced IT cost. BYOD programs give significant power to employees: they can decide where to work, which devices to use, and even when to work.
But, “with great power comes great responsibility.” Despite the advantages, there are plenty of risks that pose a burden on an organization’s assets.
Bring Your Own Device brings its own risks too, and these BYOD risks affect employers and employees equally.
You should mull over these BYOD risks in terms of security before bringing the program into your ecosystem:
- Data Breach
Data is one of the most valuable assets of an organization as well as its employees. For an organization, data comprises business information, sensitive enterprise information, proprietary intellectual property, business content, employee facts, etc. Workers consider their personally identifiable information, social profiles, usage patterns, personal and financial information, photos, address books, mobile activities, location, browsing history, etc. to be confidential information.
Any unauthorized access to enterprise or personal data is a data breach, a risk that comes attached to your BYOD plan.
- Device theft or loss: Physical loss or theft of a device could render the data stored on it inaccessible. Worse still, a third party could enter the system to access sensitive information.
- Device sharing: Many employees, even trained professionals, are casual about sharing their devices and even their passwords or lock codes. This could give a malicious user access to the data, e.g. to make a copy of it, delete it, or modify it.
- Untrained users: Many employees tend to make common mistakes like connecting to unsafe networks, downloading sketchy apps, etc., which could leak information from the device or let it be stolen.
- Employee exit: What happens when an employee exits an organization? There is a high probability that the employee's device has sensitive information stored on it. What if the device can still connect to the corporate network, even after the exit?
- Different Devices Magnify Problems
There is no dearth of devices with different operating systems, configurations, and features. A modern-day employee typically stays in tune with the latest technology and has several devices or changes devices frequently, which magnifies the management and administrative problems for an organization’s IT team.
- Device OS and Configuration: When an organization embraces a BYOD strategy, the process is to register all employee-owned devices with an MDM (mobile device management) or EMM (enterprise mobility management) solution and to deploy monitoring and security tools on these devices to protect them from cyber-attacks.
IT must tailor security to each OS (Android, iOS, Windows, etc.). This becomes more complex when device integrity has been compromised by jailbreaking, rooting, or unlocking. These procedures remove vendors’ restrictions and make the devices more vulnerable.
- Device tethering: Any mobile device can become a mobile hotspot, which offers employees a lot of flexibility where there is no active internet connection. But IT loses security control of such devices and must track all of them to ensure they connect securely to the corporate network.
- Device obsolescence: The tech-savvy generation is very quick to move on to the next device, next technology, rendering existing devices obsolete. When an employee changes or brings a new device to the workplace:
a. IT will have to start afresh with the registration and security installation cycle.
b. The previous device might have to be removed from the allowed device list, and its corporate data will have to be wiped.
c. If the new device goes untracked (not registered), it will open a Pandora’s box, exposing the organization to various security risks.
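The employee-exit and device-obsolescence points above come down to a reconciliation that IT can run between the HR roster, the MDM/EMM enrollment list, and the devices seen on the network. The sketch below is an added example, not part of the original article; the record fields (`status`, `wiped`), device names, and all data are constructed assumptions, not any MDM product's export format.

```python
from datetime import date

# Constructed sample data (assumed shapes, not a real MDM/EMM export).
TODAY = date(2024, 4, 1)
ROSTER = {"alice": None, "bob": date(2024, 3, 1), "carol": None}  # exit date or None
ENROLLED = [
    {"device": "A-phone-old", "owner": "alice", "status": "retired", "wiped": False},
    {"device": "A-phone-new", "owner": "alice", "status": "active", "wiped": False},
    {"device": "B-tablet", "owner": "bob", "status": "active", "wiped": False},
    {"device": "C-laptop", "owner": "carol", "status": "active", "wiped": False},
]
SEEN_ON_NETWORK = {"A-phone-new", "B-tablet", "C-laptop", "X-unknown"}


def audit_byod(roster, enrolled, seen, today):
    """Return (device, reason, problem) tuples for stale or untracked devices."""
    findings = []
    known = set()
    for rec in enrolled:
        dev, owner = rec["device"], rec["owner"]
        known.add(dev)
        # Owner is gone if missing from the roster or past their exit date.
        exit_date = roster.get(owner)
        owner_gone = owner not in roster or (
            exit_date is not None and exit_date <= today
        )
        if not (owner_gone or rec["status"] == "retired"):
            continue  # active device of a current employee
        reason = "owner-exited" if owner_gone else "device-retired"
        if not rec["wiped"]:
            findings.append((dev, reason, "corporate data not wiped"))
        if dev in seen:
            findings.append((dev, reason, "still connecting to network"))
    # Devices on the network that were never registered (step c above).
    for dev in sorted(seen - known):
        findings.append((dev, "untracked", "on network but not enrolled"))
    return findings


if __name__ == "__main__":
    for finding in audit_byod(ROSTER, ENROLLED, SEEN_ON_NETWORK, TODAY):
        print(*finding, sep=" | ")
```
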
- Legal Issues
If an employee or the organization is involved in a legal issue, an employee device may be subject to discovery in the context of litigation. Key issues that can arise during the litigation process are:
- Logical boundaries between personal and business data on a device are insufficient; business data may also be discovered, and sensitive information may become public.
- Another issue is preservation. When an employee device is requested for electronic discovery during corporate litigation, employers must ensure business records are available long enough to satisfy the process; failing to do so could lead to adverse circumstances for the employer.
- Poor Policies
Many companies adopt BYOD management without effective security policies in place. The lack of a well-defined, robust policy is a ticking time bomb that can jeopardize an enterprise’s assets.
An ideal policy balances efficiency, flexibility, and sound security measures, and clearly addresses all possible BYOD risks, countermeasures, and how the organization will deal with non-compliance.
Though it is easier to exert control over company-owned devices, BYOD offers agility and helps you leverage the full power of mobile devices. An enterprise should evaluate and analyze associated BYOD risks against prospective gains before implementing BYOD at the workplace.