Member Article

The BYOD full circle

Bring Your Own Device (BYOD) was kicked off by the smartphone and tablet revolution. As soon as everybody had their own powerful machine in their pocket workplaces deemed it useful to harness this power which we bring to work ourselves. In a stark contrast to 20 or even 10 years ago, when the only computer that we used was in the office, now we find ourselves carrying this equipment around with us and using the same technology at home as we do at work.

BYOD gives employees and employers more flexibility to complete their tasks at home, at work, during the commute or while waiting for a meeting. It also allows people to use mobile or cloud apps to share files and folders, and well as take advantage of the functionality offered by many smartphone and tablet apps on the market.

However, while the flexibility and functionality of BYOD is certainly enjoyed by many, and there are efficiencies for the employer, there are some serious risks that come along with bringing your own device into the workplace and on to the secured network. In fact, the phenomenon of BYOD is fast going full circle as IT departments are deeming the idea a security threat once employees take advantage of the unrestricted freedom of using mobile and cloud apps without the company having any control of how or where their data is stored, accessed and used. This extends to seemingly innocent photos taken within the workplace which could expose intellectual property or the potential damage of comments made on social media from personal devices within the work environment.

Data security is hugely overlooked by many companies and employees the world over, as many people believe that their storage is automatically secure, without checking the location where it is held or the level of authentication to access their data . So their presumption of safety in numbers may be wrong, and even if you discount the idea of saving to a cloud and stand firm on using a back up network server or hard drive under your physical control, you can never be one hundred percent certain that your data and all of your information is safe from prying eyes, disaster, malfunction or even theft.

Cloud storage, while more convenient and sometimes more secure, is not under the direct control of your business, so a cloud storage system that you might think is highly secure could well turn out to be the exact opposite. And it’s not only about being able to trust the company with whom you are storing your information; it is also about reading the fine print in a cloud storage contract. Cloud storage can leave businesses watertight from damage and from other internal problems including network malfunction and hacking, but it must be chosen correctly.

However, the problem with using employees’ own devices is not just that the storage of information could become vulnerable. Other issues for companies of late have been the use of apps or links that make the phone or the tablet more vulnerable to hackers, therefore increasing the likelihood of data leakage and the loss of information about your business, your clients, your employees and other sensitive details. Certain celebrities have found this to their cost when highly personal photographs were published from their cloud storage due to this kind of vulnerability.

Another issue is if your employees simply lose their device, thus rendering them out of contact. In the age in which we live, an employee with no equipment from which to work is almost completely incapacitated; we rely on technology to get every job done, to communicate with all of our colleagues, clients and subordinates. An effective cloud storage system, of course, would restore the lost data but losing a personal device is highly inconvenient not only to the individual but affects their ability to deliver work for the company. In contrast if a PC breaks in an office, it is usually possible to log on to another.

It’s also not just the companies that have security fears over BYOD, as employees are well within their rights to be concerned as well. One way of gaining the flexibility of BYOD without losing control of company data is for the company to secure these personal devices, which ultimately makes them accessible by the company. To many employees the thought of their employer gaining access to their personal data is uncomfortable. One such nightmare scenario would be for your boss to gain access to your tablet, read your emails and discover through your search history that you are in fact searching for a new job. Some employees also fear that through BYOD their smartphones will be used to track them, and their employers will be able to keep tabs on their every move. The blurring of personal and business use raises interesting questions regarding control.

While some of these fears may be far-fetched, once a device is unsecured it is possible to do almost anything with it, and a survey recently conducted found that over 30% of people who use their own devices for work have no security features enabled on it. And from the 70% who did have security features enabled, that security was only the four digit password that is offered with the mobile phone.

These statistics make BYOD seem like a dangerous idea, as employees are carrying around with them the latent ability to hack into a company’s sensitive information just at the touch of a button. With applications such as company email, log-in information for the corporate network and proprietary data, once one of these devices falls into the wrong hands a company would have to work very hard and very fast in order to prevent harm.

BYOD is going full circle. The first time a company thought about allowing employees to use the devices that they already owned and loved for work purposes, as well as personal use, the advantages seemed tantamount for all involved. Employees’ satisfaction levels increased, thanks to their more flexible working conditions, and with it their productivity. Companies were happy too. BYOD automatically brought cost savings and increased productivity meant a more efficient workforce, happy clients and profit. However there was a downside. While it seemed like BYOD was a happy playground that we could all enjoy, the truth is the concept is turning back around as we discover the complications and negative effects of the use of employees’ own devices for business. For companies problems lie with control over what level of data is accessed on these devices, and the issues around forcing any kind of sanction or restriction on employees’ use of their own devices. The original convenience has been replaced with complexity.

The biggest risk in rolling out BYOD is for companies to do so without having any kind of policy in place beforehand. Businesses can, and should, think more about the negative effects of BYOD versus the advantages, and the possibilities that come from these. Policies are needed to govern the management of devices that are not supported by the company, in order to provide a solution to problems that the business has already encountered or that they foresee.

To enhance BYOD as a positive way of working and to get past the security fears and pre-empt any HR issues, a BYOD policy should incorporate secure device management, the tracking and careful deployment of mobile applications and clear guidelines regarding employee and employer collaboration through mobile devices. Policy design is up to the business, whether the company wants to instil a lightweight policy that restricts the use of certain company data on the device but allows total freedom for personal use, or a procedure whereby the company takes over the ownership of the device in everything but name and entirely lays out what the employee can and cannot do with their device.

Whatever policy you want to set out for your business, data and the device should both be secured so that you and your employees are free from all worries. One simple way of doing this is to look at having connectivity specifically set up for mobile devices, distinct from the corporate LAN, alongside a strict policy on the use of company data. It just requires careful thought. BYOD should be a convenience, flexible and hassle free.

This was posted in Bdaily's Members' News section by Sonia Blizzard .