Bring your own device (BYOD): the risks and how to protect against them
Bring Your Own Device (BYOD) - the policy of permitting employees to bring personally-owned mobile devices to their workplace - has become a growing trend in recent years due to the influx of smartphones and tablets.
Businesses are leaning further towards BYOD; studies reveal that around 53 percent of employees are using their own technology for work purposes.
There are many benefits of having a BYOD policy. Your company can avoid purchasing hardware and the inevitable depreciation that comes with it, and using a mobile device away from the office also gives employees the chance to check work e-mails and access company information outside of normal working hours, which can lead to increased productivity.
However, before allowing employees to use their own devices you should have a clear understanding of the risks of BYOD; without proper controls in place, customer data could be breached, which in turn can lead to eye-watering fines. Here are the most common risks and how to protect against them.
Lost and stolen storage devices
Lost or stolen devices are a major risk for firms of all sizes - press reports of USB keys left on trains and lost laptops have become increasingly common, and many of these instances involve IT professionals working on public sector contracts. As an absolute minimum, ensure strong passwords are applied to all storage devices (hard drives and removable media). In addition to this, encrypt the data to provide a second layer of protection in the event the password is cracked.
Firewalls and anti-virus
Employees' devices are likely to vary in age and specification, and there is always the danger that they are not secure enough. Using non-work-related applications or accessing untrusted websites could leave security vulnerabilities on your employee's device - meaning that the next time they log in at the office, the contents of your entire network could be at risk. When devising a BYOD policy, it's important to be clear about who is responsible for securing the device, and to set the time intervals at which the anti-virus or firewall should be updated.
People leaving the company
You may also consider what happens when an employee leaves the company. If they have confidential customer data stored on their machine, even if they no longer work for you, your business could be liable for a breach of data. The ex-employee may choose to sell their device, or dispose of it improperly, which could result in a breach of customer details if the hard drive fell into the wrong hands. A mobile application management (MAM) platform allows you to disable application access and remotely delete data owned by your company from the ex-employee's device - minimising the chances of a data breach occurring.
When employees are working from your office, they should always use the office's wireless (or wired) internet connection. This way, you can control the websites staff have access to and prevent malware from suspect sources appearing on your employees' machines and breaching your network.
The solution to these risks centres around implementing strong policy and compliance, and having professional indemnity insurance cover in place to protect against disputes arising from breaches of customer data or documents if something does go wrong. An effective BYOD policy should include:
- Clear statements that also explain consequences
- Training programmes to address liabilities
- Required security measures when handling customer data
Whilst you cannot guarantee compliance, having BYOD rules and a formal policy in place will go a long way towards protecting your business.