There’s a lot of talk today about BYOD (Bring Your Own Device), the practice of employees bringing their own mobile technology into the workplace for work-related purposes. This practice, using laptops, tablets and smartphones, is also known as the consumerization of IT. It is increasingly prevalent in many businesses and can improve worker productivity and satisfaction. However, it introduces significant challenges to data security.
Maintaining security can be very difficult on devices not owned by organization. Most of us are aware of the risk of compromised data, and now personal devices are being connected to the corporate network. These devices are carried in and out of your office and then connected to personal and unsecured networks. If confidential information is accessed, it may be stored on the smartphone for ease of use. Many users have backup services in the cloud. Once there, your data is beyond your reach and out of your control. And if that smartphone is lost or stolen, untrusted parties can gain access to anything stored on the phone.
Make sure you have a BYOD policy that clearly defines expectations and rules of engagement. Minimum security requirements and tools for the device should be specified as a requirement before connecting to company resources. Work with your IT provider to evaluate your specific needs and risks, develop policies and implement technology safeguards to protect your data. Be sure that your policy specifies how data will be retrieved and removed from personal devices when an employee leaves your organization. Don’t become the next case study in compromised private information.