Information Technology Asset Management (ITAM) has been confronted by arguably its most formidable nemesis: BYOD. Gone are the days of only tracking desktops and company-issued laptops; enter the mobile-device-age and the seemingly endless stream of security issues that accompany its inevitable arrival to the daily office routine.
1) Understanding the Risk of BYOD
Allowing employees to work anytime, anywhere with their own device is the fundamental purpose for instituting a BYOD strategy. However, this anytime/anywhere capability can lead to obvious security threats which are guaranteed to arise without a sound corporate BYOD policy.
According to a survey conducted by Dimensional Research, 93% of organizations have mobile devices (smartphones/tablets) connected to corporate networks, with 67% of that number being personally owned devices. That is a substantial number for IT to maintain corporate security, especially since those personally owned devices are not required to follow company security standards when outside working hours.
To make matters worse, 66% of participants indicated careless employees are a greater threat to security than hackers, which ultimately makes the 53% of employee mobile devices with confidential customer data an incredible business liability.
2) Assessing the Risks Involved
Have your IT team consider potential risks to your organization by implementing BYOD. This can include an external source trying to make its way onto your network, increased support costs due to a wider range of technologies, or even internal users wanting a say in the restrictions being pressed on them.
In addition to considering potential risks, brainstorm policy strategies to ensure you achieve optimal security. Consider implementing simple IT precautions such as:
- Password protection and device encryption when accessing corporate email
- Management of devices by IT using corporate approved Mobile Device Management (MDM) systems
- Rights to audit and monitor activity on personally owned devices
- Consent for the company to access the device for business purposesEmployee obligation to report a lost device, and IT’s responsibility to wipe it to prevent misuse of that information
- For instance, if a sales employee leaves the company with all of his/her sales contacts on the mobile device, then that’s a huge company asset that goes missing or into the hands of competitors.
3) Establishing Company Awareness
Extensive measures must be put in place to try and safeguard from any loss of data. Consider the ramifications of a top executive losing his or her smart phone containing in-development screenshots of a project. Should a competitor obtain these files, the advantage of launching your project to the market incognito will be lost, and the integrity of the project’s details compromised.
By establishing clear policy guidelines and requiring mandatory compliance to these policies, organizations intending to implement BYOD can mitigate legal implications should an employee lose his or her mobile device. Some examples of proactive measures to consider:
- Policies should be legal and the rules clear to all employees about joining, leaving, or altering participation in a BYOD program
- Drive awareness around Terms and Conditions of existing agreements and impact as BYOD becomes more prevalent
- Develop ITAM policies around acceptable use of BYOD in an organization
- Create clear policies on which devices can be used – employees should not expect every device to be enterprise-ready and included in the system
Despite the complexities involved in managing a BYOD policy, you decided that the rewards far outweigh the risks, and rightfully so! The obvious advantages of BYOD from an employee satisfaction/motivation standpoint as well as an employer cost-benefit standpoint will be immediately apparent as you observe increased workplace productivity:
Employees carry less equipment, thus, lowering hardware procurement costs
Staff availability increases as their BYOD agreement requires constant access
Employer reputation increased as an organization that embraces the newest technologies
However, as with any tech upgrade in the workplace, key details must be addressed so that both the employee and employer maintain a fundamental understanding of the rules involved with BYOD:
- Who pays for the device
- What happens in the loss of a private device and who replaces it
- User restrictions for the device
- Employee training regarding mobile software licensing rights
Without strict guidelines, BYOD can easily be turned into an employee-abused asset, ultimately costing the company more time and money. If you’re interested in learning more about BYOD policies and procedures, as well as the ideal mobile device designed to incorporate with enterprise security standards, click our banner below.