Are you letting your employees use their own smartphones, laptops, tablets and other devices for business and feeling thankful that you’re not having to buy them? You might want to reconsider. Bringing your own device (a.k.a., BYOD) to work is one of the biggest trends in business computing today, but what seems to be savings on the surface can cost you dearly if you don’t have appropriate security practices in place.
And most businesses don’t. A new study by KnowBe4 and ITIC found almost two-thirds of businesses allow employees to use their own devices at work, and 71 percent of those companies have no specific policies and procedures in place to ensure security—even though employees are using the devices to access sensitive data, network applications and e-mail. Only 13 percent of companies had BYOD policies in place; another 9 percent were in the process of developing them.
Not only are companies not setting policies around BYOD security, but they can’t even agree on who is responsible for it. Some 37 percent believe the company should be responsible; 39 percent say the users are responsible and 21 percent say both have equal responsibility.
Now, you may feel your employees should be responsible for securing their own devices (and you might even be right), but the reality is, your employees don’t have as much stake in the business as you do. If someone loses a device or a hacker hacks into a device, it’s your business that stands to get hurt. And with mobile devices extremely vulnerable to hacking, loss and theft, that’s a very real possibility.
So what should you do? The BYOD trend isn’t going away—and it does offer many pros for small-business owners. But you also need to be aware of the cons and take the proper steps. Here are KnowBe4's recommendations.
Conduct a risk assessment. Know who is using what devices and what they’re using them for. Be sure to include at-home computers; you may not know if employees are using their home computers to access your business. Review your assessment regularly to keep up with new devices and new security threats.
Set a security policy. You may need to enlist an IT consultant, since even if you have your own IT team, they likely have their hands full dealing with day-to-day issues. The study found security was third on the list of challenges businesses identified around BYOD, with simply providing management and support for devices taking the top spot.
Communicate. The greatest security policy in the world doesn’t matter if employees don’t know about it. Make your BYOD policy part of your employee training, and update employees on changes to the policy and new threats on a regular basis.
Enforce. Employees won’t comply with the policy if there are no consequences for failing to do so. Spell out what a security breach could mean (loss of revenue, loss of jobs, pay cuts, the end of your business—get as dramatic as you need to) and monitor employees’ BYOD use to keep everyone on the same page.