Do you let your employees bring their own devices in for use on your company network or Wi-Fi connection? If so, we’re sure that they love the freedom that you provide for them, but we must warn you of the dangers that this can bring to an otherwise careful business. We’ll discuss some of the benefits, as well as the pitfalls, of allowing your employees to use personal devices in the workplace.
First, the benefits. Your team will likely get more done if they are using devices that they are comfortable with. After all, forcing someone to use a company-provided iPhone when they have a Samsung device that they are perfectly comfortable with will do nothing but cause friction and make for a frustrating experience. Plus, this also saves you from investing in company devices for your employees, which can be of significant expense. Furthermore, employees just like the freedom of using their own devices. Since nobody likes being told that they can’t do something--namely, use their phones in the workplace--it makes sense that you avoid the problem altogether by implementing BYOD.
However, it’s still important that you implement BYOD in a way which makes sense from a security standpoint, without hindering the ability of your employees to work properly. We’re here to help you design a BYOD strategy that makes sense for your organization.
Not all applications found on the Google Play Store will have your best interests in mind. You want to ensure that your employees won’t download just any application to their device, primarily because they might accidentally expose any of business’ sensitive data on their device. While you could trust that your employees won’t be downloading suspicious apps, you might be surprised to hear that these apps can be rather sneaky with how they access certain data on your device. For an example, look at the typical flashlight app. While it might need access to your camera for use of the flash, it certainly doesn’t need access to any other information, like your contacts or messages. The apps will request permissions, so you’ll have an opportunity to deny them, but it’s best to prevent this outright with application blacklisting. In general, it’s best not to download apps to your device unless they have been approved by IT.
What happens if one of your employees loses their device? You never know who could find it. It could be a do-gooder who wants to return it to its proper owner, but more likely than not, it will be someone who either wants to keep the phone for themselves, or sell it to make a quick buck. From there, your imagination can run wild, dreaming up all of the worst-case scenarios. A hacker could steal information about your business from it, or someone could steal the identity of your employee, putting the rest of your organization at risk. Remote wiping dodges this bullet by eliminating data on the device when it is lost or stolen.
User Access Restriction
Not all users need access to the same information in order to do their jobs properly. For example, your human resources department might need access to sensitive information, like dates of birth or Social Security numbers, but the typical user certainly doesn’t. On the other hand, only accounting needs access to bank account routing numbers and other financial credentials. You need to make sure that your BYOD policy implements such solutions to ensure that sensitive information isn’t available to just any employee. This means that anyone who loses their device will only give the device’s finder access to any information they were privy to in the first place. While it might only be a small consolation to consider, it’s certainly better than exposing your entire data infrastructure to a hacker or identity thief.
Does your business need assistance with a BYOD policy? If so, reach out to us at 607.433.2200. Our trusted technicians will work with your organization to ensure you implement only the best, most fitting BYOD policy to suit your needs.