The GCOMM Post

BYOD security risks 2

Jovana Stevanovic

About a year ago, I discussed the Bring Your Own Device (BYOD) trend as it was starting to gain popularity in companies worldwide. The trend has definitely taken over workplaces across Australia, and opinions are divided when it comes to its effectiveness. Many believe the legal burden is just too big for companies to bear. Others think the benefits outweigh the disadvantages. However, this really varies from one organisation to another and with the specific situation.

What does the BYOD trend mean for companies?

BYOD offers many advantages to both companies and their employees. These include allowing workers to be mobile, which can increase their productivity; reducing companies' capital expenditures; and increasing employee satisfaction, because employees can use the devices they wish to use. However, there are things to be concerned about when it comes to this trend, and most of them are security issues.

The biggest disadvantage is that the company loses control over the device, yet some level of control still needs to exist. One of the main problems we see is that many companies don’t know how to deal with BYOD and its legal implications. It is extremely important to be aware of all the BYOD security issues and to set appropriate policies that ensure there is a way to deal with these issues, if needed.

BYOD legal risks

In order to fully address BYOD and clarify the policy associated with it, companies need to be really precise and fully understand all the implications. It would probably be a good idea to work with a legal team that is knowledgeable in this matter. Expert advice will ensure protection for both the company and its employees.

Some of the gray areas that the policy should cover are:

  • Who owns the intellectual property that was created for work on the employee-owned device? Traditionally, it would belong to the company if it was created during work hours on a company computer. But personal devices used for work are a completely different thing.

  • Data privacy and security – it was traditionally the obligation of a company’s IT department. Does BYOD mean employees have to take care of it themselves? What if the measures they have undertaken don’t comply with industry rules and regulations?

  • What happens if the device is stolen? Who is responsible for the lost data? What if the employee didn’t have an appropriate backup of the information stored on the device? This can potentially be a lot more damaging to the company, which is why the BYOD policy needs to cover this aspect as well.

  • What if the employee doesn’t work at the company anymore? How can the company ensure that they will get all the necessary data and confidential information off the employee’s device? How can the organisation be sure that the employee didn’t copy the data to an external device?

There are many more concerns, and they can be specific to industries and even to individual organisations. This is why a BYOD policy needs to be strong and complete, and written so that employees can understand it, because they are the ones who will eventually have to comply with it.

About Jovana Stevanovic

Having studied, worked and lived abroad for a number of years, Jovana has developed a diverse set of skills and a unique perspective into the business world, which she applies in her current role as Marketing Automation Consultant. Her passion for online marketing and a keen interest in global marketing trends are what drives her to produce effective online campaigns for international clients in the IT sector. Jovana graduated from St. Cloud State University with a Bachelor of Science degree in Marketing and a minor in Public Relations. Jovana enjoys learning languages and is fluent in Serbian, English and Italian. Her other interests include social media, travelling and cooking.
  • Ryan Seys

    From an IT standpoint, I am generally not a fan of BYOD as it causes security headaches, especially when offboarding employees. In the event of a termination, the biggest challenge is ensuring internal resources of the company are not accessible by a non-company entity, which proves to be fairly tough when, many times, due to animosity, the end-user refuses to allow the company (who had just “wronged” this former employee in their eyes) access to their personal “BYOD” hardware. For mobile devices such as tablets and cellphones, this process is not as difficult because modern technology allows the IT team to remotely wipe a device with ActiveSync pairing, ensuring company data is correctly purged. However, there is a lot of “grey-area” when it comes to what rights a company has to a non-company device. Think of it this way: if I allow you to borrow my car and you keep it in your garage, would I have the right to break into your garage just to re-acquire my own property? This is of course assuming the garage owner is uncooperative with my efforts to give me my car back…

    Ultimately, in the world of personal laptops and ultrabooks, my opinion is that unless the company is ready to provide a VDI-based solution, BYOD is simply not a feasible option due to security risks. After all, should the company be more worried about its internal assets (emails, offline files, etc.) potentially being compromised? Or should the company be more worried about maintaining its own data integrity while in some cases slightly increasing IT costs in order to provide the employee with its own hardware? In my opinion, the latter is a much more appropriate solution…

  • jstevanovic

    Thanks for your comment, Ryan.
    It’s an interesting topic I personally do not have experience in because I don’t use my own device – all the equipment is supplied by the company. I do like to differentiate between my work and personal computers, although I do many non-work-related things on the company laptop (personal email, social media, etc.). I am happy with the technology the company has supplied, but what happens when people have different preferences? Do you think a better option is to simply use their personal device or maybe suggest to a company to supply the desired technology? From the employer’s perspective I guess it depends on what kind of equipment it is, but it would be costly to respect everyone’s wishes and preferences. Is BYOD really the answer? As I mentioned in the article, there are plenty of things to consider, probably even more when it comes to specific situations. Is it even possible to cover everything BYOD entails with a single policy? What if an employee refuses to comply with it/sign it? Would it be worth losing the best employees over this?