Companies and employees embrace BYOD but with compliance and risk challenges
In 2012, Facebook CEO Mark Zuckerberg famously redirected the entire company to focus on mobile. It was a prescient move. Eight years later, as these stats show, you could say all companies are mobile.
We’ve seen a shift to using personal devices for work, whether the workplace is the office, the home, the neighborhood coffee shop, or the airport and plane. Millions of people access work on their smartphones, smartwatches, tablets, and laptops. They use their phone for work email and to perform two-factor authentication. How often do you see someone in a meeting glance at their phone or smartwatch?
Zuckerberg’s vision and the shift to personal devices for work took on an acronym: BYOD, which stands for Bring Your Own Device. BYOD is forcing organizations to take on compliance and risk challenges brought about by the use of personal devices for work purposes.
In this post, we’ll share the importance of BYOD policies and alert you to compliance challenges, as well as the risks posed by personal devices tethered to IT infrastructure.
BYOD policies should be a win-win for company and employee
Employees bringing their devices to work isn’t a right. It’s a privilege. Employees need to be open to smart restrictions on device usage. At the same time, management should see devices at work as improving productivity and morale. Employees use their smartphones for many work purposes like accessing office email and work apps.
BYOD policies help ensure a win-win for both the company and the employee. For employers, a BYOD policy should govern acceptable use, security, risks, and more. Here’s a sample BYOD template. It’s also imperative to ensure employees attest to receiving the BYOD policy, and don’t be afraid to test how well they comprehend it.
For employees, adhere to your company’s BYOD policy while leveraging smartphones and other personal device capabilities for work. Use your device to communicate more effectively, manage work calendars, and get your work done.
Manage risks associated with a workplace filled with personal devices
One of the biggest risks to personal devices is malicious software. Another big risk is devices that are lost or stolen. Keep devices that access work servers updated with virus protection, authentication, and encryption software. A BYOD policy should require a complex password that’s next to impossible to break if the device is lost or stolen.
IT security should have the capability to scan all devices and assets on the network and detect unauthorized access or downloading of unapproved software. The goal is to ensure vulnerabilities aren’t inadvertently introduced to the company network.
Despite best efforts at BYOD policy and IT risk management, incidents can occur. In this Dark Reading article, a study of UK financial companies found 70 percent had suffered a cybersecurity incident in the past month. Over a third of the incidents were due to malware and viruses introduced through third-party devices, including USBs and BYOD.
A BYOD policy and IT risk management can help lower the risk of incidents, but they can’t eliminate it. When an incident occurs, do your due diligence, from root cause analysis to record-keeping and archiving what happened and why.
Privacy concerns with BYOD
The smartphone brought to work is a person’s device, as is the smartwatch, tablet, and personal laptop. Texts, search history, health apps, everything is associated with the device owner. Employees don’t want IT looking at private photos, private texts, or social network activity.
It’s up to IT security to ensure both the network and employees’ privacy are protected when personal devices connect to the network and drives. The best privacy solution would be to separate work data from personal data. Apple’s mobile device management (MDM) is an attempt at this, making corporate BYOD programs less invasive to user privacy.
In the US, stay tuned on data privacy with regulations like CCPA and how they might impact data privacy and BYOD.
BYOD isn’t going away. It continues to grow in popularity as people choose to work at home, at coffee shops, on airplanes, anywhere they can get online and work. From the stat file, 67 percent of employees use their devices at work. 69 percent of IT decision-makers say BYOD is a good thing.
That says there is a healthy balance between employees bringing their devices to work and satisfaction among compliance and IT professionals with their use. Credit goes to compliance for creating BYOD policies and IT for adapting to new technology in the workplace.
As device technology adapts to innovations like 5G and data privacy regulations sweep across the US, BYOD will be a compliance and risk management development to watch.