Employees are increasingly using their personal mobile devices for work purposes. Referred to as 'Bring Your Own Device' or more commonly 'BYOD', nearly half of all UK adults now take part in a BYOD programme. Although there are many benefits associated with BYOD in terms of increased productivity, employee satisfaction and reduced costs, there are also security risks.
It has been reported that 60% of BYOD employees have no mobile security settings or simply use default settings. This presents a huge risk for companies in terms of loss or breach of client data. If a device is lost or stolen, company data can easily fall into the wrong hands, with costly repercussions for your business.
Key to mitigating these risks is having an effective plan to manage all mobile devices. Our checklist below provides a step by step guide for successfully implementing a BYOD programme:
1. Planning & Policy
The first step is to determine your objectives for enabling mobile working and to decide which devices you will allow. This will help you establish an effective BYOD policy, which should include guidelines on acceptable usage, forbidden applications and avoiding dangerous activities. Striking the right balance between usability and security is important to ensure the policy is not so restrictive that it drives down adoption and ultimately undermines your mobile approach.
Communicating your BYOD policy through employee training and education is key. This will ensure employees understand their responsibilities and acceptable behaviours. Explaining the security risks associated with mobile devices will help to improve acceptance and adoption levels.
3. Security & Management
Investing in Mobile Device Management (MDM) can make day-to-day mobile management considerably easier. This technology can help you remotely secure, manage and support enrolled devices, whether company or employee owned. By setting compliance criteria, you can enforce things such as complex passwords, data encryption or even restrict the geographical location where a device can be used.
If a device falls out of compliance, management are immediately alerted and can choose which action to take, such as disabling the device or wiping company data. In the event of a device being lost or stolen, or an employee contract terminated, company data can be wiped without touching personal data.
These management tools are relatively inexpensive, starting from as little as £3 per device per month – less than a cup of coffee! Moreover, the privacy of your data is never compromised as it cannot be read. Emphasising this point to employees is important as it can alleviate any privacy concerns.
A successful BYOD approach will result in support requests for a greater number of device types and operating systems. Ensuring you have the expertise and resources to manage this growing range of devices is important.
For more information on BYOD good practice as published by the government, visit BYOD Guidance: Executive Summary.