In 2018, to borrow an idea from the title of a classic movie, it’s a BYOD, BYOD, BYOD, BYOD world.
BYOD is short for bring your own device—the trend in which employees use their own smartphones, tablets, laptops, and other personal technologies for work. Companies and their IT departments are not only tolerating BYOD, but also embracing it as a smart strategy to increase productivity and reduce costs. A recent report from Cisco found that “69 percent of IT leaders are ‘positive’ about BYOD.” The trend has been growing for years now, especially as the workplace has changed—millennials think nothing of working remotely and using their own mobile devices to succeed.
Yet, BYOD comes with its own challenges, not the least of which is security. A computer in your office has firewalls, IT support, and other measures to protect the data within it and the servers it’s connected to. A smartphone on which an employee checks work email and also Snapchats and plays Candy Crush may not have any of those protections. Knowing the threats that accompany BYOD is critical for Los Angeles’s small and midsized businesses (SMBs) to establish strong policies and governance in order to, ultimately, take full advantage of the mobile workplace revolution in progress.
Why BYOD Policies Matter
Before looking at some of the threats SMBs must be aware of, let’s examine why BYOD policies are important to your business. BYOD offers tremendous productivity benefits—employees who are already comfortable using their smartphones and laptops for personal use will be just as comfortable getting work done on those devices. Moreover, these employees won’t be tethered to a desk all day and can work from wherever their responsibilities take them. From a cost standpoint, companies save money by not needing to pay for physical servers, computers and monitors, expensive non-cloud software applications, and expanded IT support.
However, one breach through a mobile device can cause any productivity and cost benefits to disappear in a hurry. Security concerns are legitimate—but not a dealbreaker. Strong BYOD policies protect your systems and data, and help prevent the type of breach that can take down SMBs.
Lazy Password Usage
Examining the various BYOD threats, passwords may be the easiest for the bad guys to exploit—but also the easiest to correct. Think about the personal email on your own phone: Do you save the password and just click on an icon to access, or do you enter your username and password every time? People love the convenience of their smartphones, but that convenience can be dangerous when extended to workplace apps. BYOD policies that don’t allow users to save passwords, that require strong passwords that must be changed periodically (e.g., every month), and that educate employees can help ensure that if a device stolen, the thief won’t be able to waltz into your systems.
Your in-house computers—and even the mobile devices you provide to employees—likely use firewalls to keep malicious files from invading. Employees’ personal devices might not have as strong protection, if they have firewalls at all. Workers may unwittingly open an email attachment on their personal accounts, after which all hell can break loose, particularly if a virus finds its way to a work app installed on the device. With all the measures you might have in place to prevent malware and ransomware attacks, seeing your systems compromised because an employee accidentally clicked on a bad email attachment will be especially painful.
You’ve seen and heard the warnings: Don’t trust sensitive information to open Wi-Fi networks. This is likely why you don’t open your banking app on a free McDonald’s network. Yet, mobile workers may think nothing of accessing work email or cloud apps in public places with insecure Wi-Fi. Hackers know this and scan users on open networks for security flaws and unprotected data—essentially, the keys to your company’s kingdom.
Unfortunately, perhaps the greatest threat BYOD employees must deal with are themselves. They fail to follow (sometimes because they simply forget) the policies their employers have set for mobile use and use weak passwords, log in to suspicious networks, and don’t take advantage of their devices’ lock-screen feature. Or, they leave their phones in a coffee shop or another public place, where there’s no guarantee that the person who finds it will turn it in or refrain from snooping around and possibly accessing your systems. Your employees are human, and losing a phone happens, but in the absence of other BYOD best practices, such a loss can lead to much worse consequences.
Countering the Threats
A combination of strong governance, helpful mobile device management (MDM) solutions, and employee diligence is the best way to make BYOD work for and not against you. Yet, the idea of developing a solid and comprehensive BYOD policy can be daunting for small businesses that lack the IT staff and technological expertise to accomplish this goal. An outside consultant such as a managed service provider (MSP) offers an avenue to strengthening you BYOD strategy without bogging you down. The best MSPs assess your workers’ current mobile habits and usage, recommend and implement solutions to improve mobile security, and develop a BYOD policy that outlines the strategy and educates employees. With this assistance, you can enjoy the benefits of BYOD and breathe a little easier knowing that mobile employees are less likely to inadvertently expose your company to cyber threats.
How is BYOD handled at your company?