BYOD: Balancing Convenience and Security
It lies next to you as you sleep, comes with you to work, rides home with you in your car and even travels with you on vacation. Your smartphone goes with you everywhere. Although convenient, the unprecedented connectivity we are experiencing culturally with mobile devices can create an equally daunting issue when it comes to protecting information on those devices that could affect both your personal life and your job.
It can be difficult for employers to decide how much access they should give their employees when so many use their phones and tablets in insecure ways that can give hackers unfettered access to everything on those devices, including company data. According to a recent report by Gartner, an IT research company, more than half of companies currently using some sort of bring-your-own-device (BYOD) policy will require employees to use their personal devices for work by 2017. And by 2016, 38% of companies are expected to stop providing devices at all to employees.
This predicted onslaught of BYOD could be opening the floodgates to any number of security issues that companies will need to rein in and track. However, this then raises a question: how much control should your employer have over your personal smartphone? Should they be allowed to dictate your use of apps, photos, texts and emails, even when out of the office? How much access to your personal data should they have, even if company data is also stored on the same device? These questions need to be addressed when building out a BYOD policy. And you should be aware of what policies are already in place at your office.
Many companies are very concerned over BYOD issues, especially when it comes to the possibility of protected company information getting leaked due to an employee who isn’t practicing safe searching. Most people use their phones for everything from personal calls to work emails, to social media posts and sending out spreadsheets or other documents. How do we know the actions we take aren’t putting not only our personal data at risk, but also our employers’? For most businesses, three major concerns stand out when it comes to granting you access to company data on your personal phone:
Access to Data
First, the stickiest question: who gets access to what data on their personal devices, when and where?
Working out of the office on a tablet or smartphone, you may have to agree to a BYOD policy for what access you’ll get to company data in certain situations. For example, many companies allow you to access email and contacts on the company server through your phone when out of the office, but will cut you off from accessing sensitive data or files. But what happens if you need to access that data for a client meeting?
Compounding this problem are smartphone and tablet apps that access and transmit company data in different ways, and can lead to valuable information being lost or taken by cybercriminals on less protected devices. Downloading risky apps to your mobile device can open both your personal and company information up to hackers and cyber thieves. Many apps ask for permission to data such as your passwords, location information, photos and more, and some take more information than they need, and even pass it on. This could effectively cause a company-wide data break-in if you download some type of malware onto your phone that then gets transferred through your phone into your office.
But it’s not just company data that businesses with BYOD policies need to be concerned over; it’s also what data on an employee’s personal device the company is allowed to access, when, and how. Just because you took a picture of notes during a meeting with your smartphone, it doesn’t give your employer the right to access your entire mobile photo library. This is just one of the reasons why having a clear, written BYOD policy will become increasingly important over time to both employer and employee.
Losing Your Device
Lost devices are one of the largest concerns facing small, medium, and even large businesses with BYOD. That’s because with each lost device, personal or otherwise, there is a potential security threat for a company, especially if your device contains confidential information—from legal contracts to client contact information—and it’s even more worrisome when the device in question isn’t properly protected by a password lock or other security software. As we’ve previously discussed, a third of people don’t use passcodes on their devices, allowing virtually anyone to access sensitive data with a simple swipe.
If your smartphone or tablet gets lost, then who’s responsible for retrieving it, or deleting the data? Should the device be locked down, tracked and retrieved or immediately wiped when it’s first lost?
Maintenance and Malware
Finally, there’s the issue of maintaining devices with app and other software updates. Companies today have a hard enough time keeping up to date with the latest software updates put out for smartphones, tablets, computers and various programs, and that problem only gets worse when virtually all employees are using different devices, operating systems and apps. This can leave a number of gaps in the security of company information carried around by employees on their personal phones.
So how do you protect yourself when it comes to using your smartphone or tablet for both work and home use? Here are a few tips:
- Use caution when going between personal and work tasks on your mobile device. And try to use different apps for company and personal use to keep things separate and safe. Keeping to-do lists, emails and other items separated can also help eliminate confusion and mistakes.
- Avoid downloading apps from third-party vendors. These risky apps could open the door to spyware and other malware that will expose both you and your company information.
- Check the app’s permissions before downloading a new app, especially those that ask for complete access to the data on your device. Be on the safe side and avoid apps that ask for all-inclusive privileges. As an example, a game app most likely does not require your location information.
- Do not access data-sensitive apps on your mobile device over a public Wi-Fi signal. Cyber snoops could be very near just waiting to get a glance into all of your mobile data.
- Keep your personal and work information protected with comprehensive mobile security, like McAfee® Mobile Security, that will not only scan your device for viruses and threats, but also help you identify apps that are accessing too much of your valuable personal information. To protect all the devices you own, from smartphones to PCs, use a solution like McAfee LiveSafe™ service.
BYOD is a great concept, helping to boost productivity and making life more convenient between work and home. But it can lead to some tricky issues for employees and companies alike when asking: how much connection to work is too much?