Thoughts about BYOD (Bring Your Own Device) for the Modern Employer
Whether we realize it or not, many of our employees use personal devices at the office every day, such as a personal phone, tablet, or laptop, for business work. Many times it happens without a second thought, most times out of convenience, but essentially out of need. Now that many people are working remotely from home due to COVID restrictions, BYOD has become the norm.
Like many things, BYOD is not bad at its core. When asked to work from home, it just seems like a natural fit. The employee is comfortable with their device and it will do everything that the company wants it to do. Win-win, right?
Good intentions and all that
The concern is this: when an employee uses their own device to access company information, the company loses all control over files and data. Most commonly, a company email account is set up, file shares are available, and website and application credentials are stored locally. And even if the user is careful not to intentionally save anything to their device, it happens just through normal, everyday use: temporary files are created on the device and autosaved documents are stored. Sensitive business data now resides outside the business.
Let’s go a step further. After a few years, an otherwise good employee leaves on good terms to take another job. Your IT staff does their job and removes user accounts and access from the network and email. This sounds sufficient until we find out that the employee was saving business files to their device, which they are now using with the new company. That is your information, now being used against you by your competition.
What can be done about BYOD?
With a company-owned device, you can do a remote wipe if the laptop is lost or stolen. This prevents the loss of data. But because the laptop is owned by the employee and not the business, you realistically have no authority to impose any type of remote wipe policy. The best way to handle this is by providing the laptop or tablet to the employee, setting a clear distinction between ‘business’ use and ‘personal’ use.
With the device being a company asset, your IT staff can apply the proper antivirus, data backup and remote management tools, including remote wipe capabilities, on the laptop. File share policies are also available to enforce data loss prevention, such as disabling USB storage or saving to other locations, and to log all user activity on the device (Why are you emailing the company client list to a third party?).
Yes, there is the up-front cost of a new laptop, but in the long run you will be saving yourself time and frustration, which translates to protecting your valuable data and saving the company money.
All is not lost
My intention with this post is not to scare you or make you paranoid that your employees may be stealing from you. Good security practices do require a little paranoia, however, and hopefully this has sparked a little self-examination of your current BYOD policy.
We at NetData take your data very seriously. Your company information, contracts, accounts receivable, and business processes are the lifeblood of your business. We can help craft a policy that meets your needs and still maintains employee productivity. BYOD isn’t always a bad thing, but if you can avoid it, it is in your best interest to own the device and keep your data safe.