Heres What Happens When Employees BYOD

Security-related headaches around BYOD may make users want to BYOB.

That's what you can conclude from a new survey that shows organizations with bring your own device (BYOD) policies have twice the number of security concerns as other organizations.

“BYOD introduces a variety of potential risks from security and policy perspectives, as well as end-user privacy,” said Eugene Liderman, director of the office of the CTO at Good Technology, the company that sponsored the Mid-Market Mobility Trends Survey.

The Ups and Downs of BYOD

But BYOD isn’t all bad news. “BYOD brings significant benefits to companies, including cost savings, increased productivity and happier employees,” said Ryan Kalember, chief product officer of WatchDox, a provider of secure enterprise file sync-and-share solutions.

Rob Howard, CTO of Zimbra, a provider of unified collaboration solutions, agrees. “Consumer applications, services and devices are liberating for employees; providing intuitive interfaces and anytime, anywhere access across multiple devices,” he said “However, IT teams have lost control of corporate data, as well as infrastructure, which is becoming increasingly complex.”

Risks arising from BYOD practices come from all different directions including:

Sharing capabilities. Users have more ability and freedom to share information on mobile devices than ever before. “Unfortunately, this also means potentially syncing corporate data to consumer outlets (i.e. Sync corporate content to iCloud, Facebook, LinkedIn, etc.),” said Liderman. “However, enterprise security teams are struggling to keep up with the innovative and powerful consumer functionality. Enterprise data is in regular jeopardy of being leaked. This leakage can happen knowingly or not.”

User-based risk. Users often look to adopt tools they use in their personal lives for work-related tasks. They might decide to sync their work material to iCloud or personal Dropbox accounts, said Liderman.

Enterprise-based risk. In this case users might decide to work around IT barriers, said Liderman. For example, they might decide to forward information to their personal e-mail account.

All About the Data

Without the right policies and technology in place, a stolen tablet could mean a company’s confidential financial information ends up in the wrong hands, said Kalember. “Additionally, research has shown that employees routinely use unauthorized apps to share, access and annotate company files,” he said.

Data theft is a huge problem, experts agree. “The federal government has identified a growing data theft threat from current and former employees looking for revenge or a quick payout,” said Kalember. “As more mobile devices continue to enter the picture — especially devices that are out of IT’s control—these security challenges will only increase.”

Making BYOD Work for You

To beef up your BYOD security you need to assess risks and draft a strong policy.

“Provide users with a sense of responsibility and clear guidelines. These soft controls treat your employees respectfully, while ensuring they understand the consequences for negligence. As with all digital programs, this requires multiple teams and executive buy-in,” said Howard.

While it’s a step in the right direction, just having a BYOD policy isn’t enough to insulate an organization from problems.

“Whether or not an organization has an official BYOD policy, there’s no question that employees are using their personal devices to access company files,” said Kalember. “For this reason, the security issues associated with BYOD — namely sensitive company data ending up in the wrong hands, or remaining on employees’ devices long after they leave the company — are issues that every IT team should be concerned about, regardless of whether their company has an official BYOD policy.”

Other steps to take to secure your organization include:

Put the focus on information. “To best protect company files, organizations must focus on securing the data itself, rather than just the device,” said Kalember. “This approach allows companies to remotely control who can access files, set expiration dates and revoke access at anytime—even if a device is stolen or ends up in the wrong hands.”

Face a moving target. “Cloud and mobile trends are boons to the user experience, but they can dramatically increase the number of technology and data silos an organization has to grapple with,” said Howard. “This creates a costly, Band-Aid approach to the management of security, privacy, compliance, digital assets, intellectual property and resources," he said. Ensure any cloud-enabled applications and systems meet your data residency needs. Look for service providers running regional or local data centers who are not subject to data sovereignty assertions from foreign governments.

Don’t ignore email risks. Email may not seem like much of a risk, but it’s the technology most employees use to share files, creating potential for security and information leaks, said Howard.
If you plan, you can minimize the risks for BYOD.

“Companies can embrace the benefits of BYOD while keeping their files secure as long as they architect smart policies and choose the right partners,” said Kalember.

Title image by Joel Kraut  (Flickr) via a CC BY-NC-SA 2.0 license.