The flexibility of being able to use the Bring Your Own Device (BYOD) system in the workplace has been seen as a ‘game changer’ for employees.
It frees them up to work how they want, when they want and, potentially, where they want. However, one possible drawback has emerged: the security of company data on personal devices, and the consequences of sensitive data loss.
The risks identified could prove particularly toxic to small businesses, putting them at risk of massive data loss and large-scale security breaches, as more people use their personal laptops, tablets and smartphones for business purposes.
Experts are now arguing that proper processes should be put in place to minimise the possibility of any such breaches. These risks were discussed by a panel, chaired by web hosting specialist UKFast, to alert SME employers to the security implications of BYOD.
Stuart Coulson, head of sales at online security specialists Secarma, and part of the panel, said: ‘Small start-ups don’t have the resources to gain each ISO or PCI standard straight away, and don’t yet necessarily have the expertise to achieve this either, whereas larger firms already have this foundation of accreditations and compliance, which makes implementing a BYOD strategy so much simpler and more effective.’
Elliot Hughes, from Cisco, expressed his fears that many businesses did not have robust processes in place to protect their data, and a great number were unaware it was even a risk. ‘A lot of people that we speak to don’t actually know what is going on in their network,’ he said. ‘The network has grown organically and they don’t have the budget or expertise to manage it properly. They could not tell you who has plugged into the network or when.’
The lack of expertise around understanding and controlling the security implications of BYOD is the biggest challenge faced by SMEs. Nick Francis of Barclays stressed the permanence of BYOD and the need for smaller businesses to catch up: ‘There’s no choice as to whether we embrace BYOD or not. People are going to do it anyway. It’s not an option to ignore, because the damage that leaked data can do to a brand’s reputation if client data is lost is massive.’
Technical director at UKFast, Neil Lathwood, said: ‘BYOD can prove valuable, allowing SMEs to be more responsive, flexible and up to date. However, we need to ensure our partners and clients are fully aware of the risks involved and are informed as to how these can be mitigated.’
‘While a BYOD policy does increase choice for every generation of employee, companies often feel they lose control over what happens to the device, with concerns over physical security as tablets are easy to steal outside the workplace’ Manish Sablok, head of marketing for CNE Europe, Alcatel-Lucent Enterprise
Recognise that BYOD is the latest off-shoot of general network security. Companies should go back to basics ensuring they have robust security provisions, and work from there
Consider why BYOD is necessary in your organisation. Who needs access and for what? Identify these crucial elements and build a policy from there
Practically speaking, businesses can:
• Remove access to corporate information that can be copied from network computers onto portable devices
• Silo the data to create data pools of specific data sets
• Limit access to these data pools
According to AirWatch, 40% of employees are using their personal devices to access business applications and emails
Editor: Shujaul Azam