The Bring Your Own Device issue is not a future concern for small business anymore; it is a present reality that they have to deal with on a daily basis.
Employees’ use of their own smartphones, tablets and other mobile connected devices for managing their personal lives has now crossed over into their work lives so much that the defining question is no longer about work/life balance, but work/life integration.
However, along with the convenience and connectedness that come with such mobility comes vulnerability.
Cyber criminals continue to improve their toolkits and malware, having long ago moved away from hacking personal computers to targeting the data on mobile devices.
Clearly for business, there are inherent risks in the ‘free for all’ model of BYOD policy. With the average cost of a commercial data breach estimated at more than $6.75M (source: Ponemon Group, 2010) having a robust BYOD policy is a critical component of any business’ data security preparedness.
At the management level, the BYOD discussion inevitably ends up being a conversation about cost.
Company leaders face the choice of outlaying cost for protected mobile devices for all staff to ensure that work data is fully separate and secure, against trusting that employees won’t make a mistake with their own devices.
Companies have the right to expect that their employees will not introduce harmful viruses into their work systems through their personal devices.
At the same time, companies need to respect that their employees’ need for some level of personal data on devices they use for work.
So how can a business balance employee trust with the need for security? A sensible BYOD policy might look something like the following.
1. Ensure that applications that employees use on devices are running on a managed host operating system, which complies with corporate security standards and ensures timely security updates.
2. Treat employee’s BYOD devices as external, meaning they should be able to connect only to company resources through the external network, which are subject to security checks.
3. Instigate a staff education programme that makes employees aware of their responsibilities around bringing their own device.
Of course the ideal way to guarantee BYOD safety is to ensure that security – and thereby, trust – is built into devices from the outset.
This is an area where Microsoft has taken a particular lead, with enterprise grade antivirus software already built into devices that run the latest Windows operating systems on phones and tablets.
If your business has not yet decided what your BYOD policy should be, now is the time to do so. There is now a wide range of options and technologies available that will simplify the implementation of a secure BYOD environment in your business.
It’s about keeping in mind that BYOD is not just about users being allowed to connect their personal devices on to the corporate network. BYOD is about giving your users the ability to use technology they are familiar with, while ensuring that your corporate data remains safe.
By David Rayner, director, consumer sales & marketing, Microsoft NZ
This article was originally published in the April issue of IT Brief Magazine