BYOD = “Bring your own device” No – I didn’t know it meant either until recently, when we realised that a lot more of our employees were having to log in remotely to keep in contact with us, so this is becoming very important for employers.
What is “bring your own device” (BYOD)?
Many employees now own personal mobile devices (such as tablets, smartphones, laptops or notebook computers) that can be used for business purposes. Businesses are receiving an increasing number of requests to allow employees to use these devices at work and, of course, this creates risks as well as benefits. If this is a situation which affects your business, we would strongly advise discussing this with your employee.
BYOD can bring a number of benefits to businesses, including:
- Increased flexibility and efficiency in working practices.
- Improved employee morale and job satisfaction.
- A reduction in business costs as employees invest in their own devices.
Personal mobile devices are owned, maintained and supported by the user, rather than the business. This means that a business will have significantly less control over the device than it would normally have over a traditional corporately owned and provided device.
Securing data stored on the device is vital and a business should
- require the use of a strong password to secure the device and use encryption to store data on the device securely.
- be aware that a business is responsible for protecting company data stored on personal mobile devices.
- consider implementing security measures to prevent unauthorised or unlawful access to the business’s systems or company data, for example, ensuring that access to the device is locked or data automatically deleted if an incorrect password is inputted too many times.
There is also risk of exposure to damage to the business’s:
- IT resources and communications systems.
- Confidential and proprietary information.
- Corporate reputation.
Mobile Device Management
The business should ensure that its employees understand what type of data can be stored on a personal device and which cannot. Mobile Device Management software allows a business to remotely manage and configure many aspects of personal mobile devices – typical features include:
- Automatically locking the device after a period of inactivity.
- Executing a remote wipe of the device (make sure employees are aware that devices can be automatically or remotely deleted and in which circumstances).
- Preventing the installation of unapproved apps.
Monitoring use of the device
If a business wants to monitor employees’ use of personal mobile devices, it must:
- make its reasons for monitoring clear; and
- explain the benefits the business expects will be delivered by monitoring (for example, preventing misuse of the device).
- ensure that monitoring technology remains proportionate and not excessive, especially during periods of personal use (for example, evenings and weekends).
Loss or theft of the device
- The biggest cause of data loss is still the physical loss of a personal mobile device (for example, through theft or by being left on public transport).
- Loss or theft of the device could lead to unauthorised or unlawful access to the business’s systems or company data. The business must ensure a process is in place for quickly and effectively revoking access to a device in the event that it is reported lost or stolen.
- Businesses should consider registering devices with a remote locate and wipe facility to maintain confidentiality of the data in the event of a loss or theft.
BYOD arrangements generally involve the transfer of data between the personal mobile device and the business’ systems. This process can present risks, especially where it involves a large volume of sensitive information. Transferring the data via an encrypted channel offers the maximum protection.
Employees should avoid public cloud-based sharing which has not been fully assessed. Businesses should consider providing guidance to employees on how to assess the security of Wi-Fi networks (such as those in hotels or cafes) and think about how it will manage data held on an employee’s personal mobile device should the employee leave the business.
For more information, contact me on 0208 363 4444