BYOD: Breach Your Own Data or Bring Your Own Device to Work?

Bring Your Own Device (BYOD) is increasing in popularity. Employers love it: they can leverage the power of smartphones, tablets and laptops without having to pay the huge cost of supplying the devices to all staff members. BYOD can lead to a major increase in productivity, improve efficiency, and facilitate better collaboration. The devices make communication so much easier.

That said, they do raise a number of security concerns, so much so that many security experts believe the acronym should stand for “Bring Your Own Doom” or “Breach Your Own Data.” By running such a scheme, are you just introducing unnecessary data security risks? Would it be better to bite the bullet and supply mobile devices to exercise greater control?

Employees are not necessarily careful with corporate data stored on their devices

Employees engage in risky online behavior. They fail to implement even basic security controls on their own devices and are prone to losing them. If the devices are used to store corporate data, this is a major security risk.

Even with the risks posed by allowing the devices to be used at work, a Fortinet survey recently revealed 74% of organizations in the United States have adopted BYOD.

The survey was conducted on 3,800 employees, half of whom believed bringing their own devices to work was a basic human right. In actual fact, it is a privilege. The figures would be surprising were it not for the fact that all of the respondents were in their early twenties, many of whom had only just started their first job.

Young adults, often referred to as Generation Y, are tech-savvy and have grown up in an environment with a myriad of electronic devices at their disposal. They are heavily reliant on this technology. This is good news as it means they are able to use a wide range of devices competently; they know their way around a computer and are easy to train. On the downside they are perhaps too reliant on their mobile devices and use them too much to communicate. Take those devices away and they are at a loss.

Employers have realized that this technical expertise can be leveraged to improve efficiency in the workplace. Members of Generation Y are also the CEOs, CISOs and senior executives of the future, and their understanding of how technology can be used in the workplace is far better than that of current industry heads. Their knowledge of technology can be used to increase profits, connect with customers, and tap into new, lucrative markets.

It is no surprise that even with the considerable security risks, Generation Y is encouraged to use mobile electronic devices at work. There are, after all, great benefits to be had. Companies that do not allow use of the devices could well find themselves falling behind their competitors.

What is the real cost of BYOD?

Improved efficiency and productivity do come at a cost. BYOD has a major drawback: it can make it far easier for hackers and malicious outsiders (and insiders) to gain access to corporate data. This is a major problem, especially for smaller organizations that lack the big budgets of the likes of Sony, Microsoft, IBM and Facebook. They cannot devote as much money to improving cybersecurity defenses.

Large companies may be targets for cybercriminals and hacktivists, but smaller businesses are now being targeted with increasing regularity. The data they store may not be worth as much, but it is far easier to gain access to. Small to medium-sized businesses are fast becoming the primary targets for many online criminals.

How robust are your BYOD Internet and email security controls?

Interestingly, the Fortinet study revealed that 66% of respondents thought it was their own responsibility to keep their devices secure. Only 22% believed device security was the responsibility of their employer. While it is good news that BYOD participants believe they should take care of their mobiles and ensure they are kept secure, this does not let organizations off the hook. If the devices are not properly controlled and managed, they could all too easily lead to a data breach.

One problem highlighted by the research is that Generation Y is happy to break the rules. Policies can be put in place, but that does not mean they will be followed 100% of the time. One of the most effective ways of managing BYOD is to focus on BYOD participants rather than the devices that are used to connect to corporate networks. A user-centric approach has been shown to work very well. If the user is effectively managed, they are empowered to keep their devices secure.

That said, security controls must be implemented by an organization. Policies must be developed covering data security, and users must be reminded of the risks posed by the devices.