03 Jun Bring Your Own Device (BYOD) – What you need to know about this business trend.
What is BYOD?
Bring Your Own Device (BYOD) is a company policy which lets employees use their own devices on the company’s network to do company work. This can include employee-owned laptops, tablets, smartphones, and smart wearables like watches.
Why is this happening?
Sometimes technology is hard. Especially technology that you aren’t familiar with. Every employee will have different learning curves to becoming proficient with any given technology, software, or process. For many companies, BYOD allows employees to use the devices they are comfortable with and enjoy using. This can have a big improvement in productivity because it effectively makes the learning curve at the device level non-existent. Allowing employees to opt-in to BYOD also saves a lot of money.
Studies show that employees tend to like it as well. We’ve all at one time or another had the “company approved” brick of a laptop. Sure, it could take a beating (and it probably did) but it was as sleek, modern, and fast as a 1960’s VW bus. Which is to say – not at all. With BYOD, employees would be able to use the Ultrabook of their choice and the largest screen smartphone their little palms could handle. As long as they brought it with them.
So, employees like it because they get to use what they like, employers like it because it boosts productivity and cuts cost. Who’s pushing back and why?
The IT professional has entered the chat.
What does my business need to consider before implementing a BYOD policy?
Good information security hygiene is all about risk mitigation and layers of security. If you’re connected to the internet, your business has risk. The key is to balance a sensible security policy that still allows your business to run well. At RelevantTec this is what we like to call the “security goldilocks zone”.
While it would be impossible to cover every possible unique scenario all of our readers would need to consider in one article, there are two main subjects that everyone universally will need to consider: data loss and the unintentional spread of malware.
When on the network, what data can your employees access on their own devices? Can they save the data locally on their device? What happens if they were to lose that device?
A great start to creating a robust plan for BYOD is to implement a DLP (data loss prevention) solution. DLP’s main function is to detect data liability in real time and create guardrails to help prevent data loss. A good DLP software can ensure you’re properly caring for sensitive data (employee information, customer records, etc) by setting custom policy for who can access what data and how. Alongside the analytics of how data is allowed to move and be accessed, DLP also encrypts data in its three states: in use (actively editing), in motion (as it moves from one place to another) and at rest (where it’s stored). This means that if there is sensitive data on a lost or stolen device it will still be encrypted and secure.
The second point of consideration is the spread of malware. As an organization, you’ll need to decide how to mitigate the risk of infected employee devices connecting to the network and having that infection spread. A good security layer to combat this risk is endpoint detection and response (EDR) software on employee-owned (as well as company-owned) devices. Think of this as anti-virus on steroids. Not only will it actively block malware, but it also automatically quarantines infected endpoints and scans the rest of the organization for the same anomalies to stop the spread.
End thoughts.
As you can see, while more and more organizations are adopting BYOD, it may not be right for everyone. You’ll have to weigh the benefits and the risks based on your unique landscape.
If you would like to discuss how your specific organization could develop a BYOD policy, give us a call. At RelevantTec, we pride ourselves in conversations without nerd speak.