Bring Your Own Device (BYOD) policies can be a very useful thing for businesses, particularly small- to medium-sized businesses – not having to invest money into purchasing phones for each employee can prove to be a significant cost saving. However, that is not to say that a company can simply allow employees to use personal devices for work and that be the end of it.
There is definitely a correct way to make a BYOD strategy for a workplace, and there are definitely mistakes that organisations and people can make when it comes to using their own mobile devices. We spoke to TechQuarters, a London IT support company with lots of experience setting up sae BYOD policies for their customers. According to them, the most important thing to do is set out rules and policies for the company. Below are some of the top mistakes organisations and people can make if a secure BYOD strategy has not been laid out.
- No criteria for work devices
To start with, not all work devices are created equal; some devices employees use might be older than others. Some devices might have been manufactured with better hardware security than others. Some mobile devices might not be compatible with the mobile applications the company requires employees to have and use. All of these factors can have negative effects on the company and the employees ability to work – what if their 3-year-old mobile phone has a vulnerability that cyber criminals could exploit?
- Mixing personal and business information
One of the biggest hurdles with BYOD management is the potential for company data and person data to intermingle within a user’s phone. There are a number of problems with this happening; for one thing, when company and personal data intermingles it can become harder to keep track of it all – this makes it much easier for company data to leak out by mistake. Other issues could arise if, for example, a user has a shared data plan with a partner or family; information such as company contacts could find their way onto the devices of the user’s partner or families – this could lead to a significant privacy infringement by accident.
The segregation of company data from personal data on a user’s phone is a critical step in mobile device management in a business.
- Losing company data if a phone is broken, lost or stolen
If a business does not set out strict BYOD policies, a lot can go wrong depending on what each individual user’s common practices with their phone are.
For instance, some users might be prone to putting their phones down somewhere and forgetting where they left it – the user might lose their phone by leaving it on public transport; worse yet, they might leave it where it is likely to get stolen; and what if an employee simply drops their phone and breaks it? What would happen to the company data in any of those 3 scenarios?
If BYOD policies are to be put in place in a company, there should also be meticulous backup policies to make sure that company data cannot be lost forever. What is more, many mobile device management solutions enable companies to wipe a phone remotely if it gets lost or stolen.
- Connecting to public networks
One of the many advantages of working with a mobile device is the flexibility it gives you to work while you’re on the go. With a work device, you can take work with you on your commute, or while you’re out getting lunch. However, a company should also consider the fact that working on a phone whilst out of the office might mean having to connect to an unsecured network. Almost all public networks – such as the ones available in cafes, restaurants, and shops – will be unsecured, or at least have much less security than the private network used in one’s office.
One solution a company can take is to roll out a company-approved VPN client that all users install on their phone and use while they are working.
- Storing company data on potentially infected devices
There are millions of apps available on smartphones, and unfortunately, many apps even on legitimate app stores contain malware, spyware, and adware. The last thing a company wants to happen is have their company data stolen from an employee’s device because they have downloaded a suspicious app. Less serious, but still significant issues might also be an employee experiencing downtime because their phone is infected with a virus and they can’t use it.
Antivirus/anti-malware policies exist for this purpose; a company approves their antivirus solution and then installs it on every person device enrolled with the company. A company should make efforts to find out what phone each employee will plan to use as their device, so that they can be sure to select an antivirus solution that is supported on every user’s device.