BYOD: The Risks and Rewards for a Business
There are a lot of advantages to mobility in today’s workforce, but the Bring-Your-Own-Device (BYOD) movement has brought its share of headaches as well.
People who have just bought the latest technology don’t want to have to set it aside to use a separate company-issued device. As a result, businesses are beginning to grant these employee-owned devices access to their file and email servers, databases, and applications.
While this brings certain competitive advantages to employers, it naturally carries many risks, too.
THREE THINGS TO CONSIDER BEFORE JUMPING INTO BYOD
Workplaces where companies let workers use their own devices for work purposes are the new normal. BYOD attracts new hires and lifts employee morale and productivity.
But this doesn’t mean a small business owner should recklessly jump right into BYOD just because everyone else is doing it. Data and network security concerns have to be thought out, defined, and addressed in a comprehensive BYOD policy.
Here are three things to consider when beginning to develop a strategy.
Cost of support
Most businesses salivate at the thought of the money saved by having employees participate in a BYOD program. With employees using their own devices for work, there is no need to shell out thousands of dollars for desktop PCs, smartphones, tablets, and laptops.
While that’s undoubtedly a huge incentive, extra support costs must also be factored in. Chances are your employees aren’t necessarily tech savvy and will need help deploying applications and performing basic yet very necessary maintenance techniques.
Unless you have a dedicated IT support team, which most SMBs lack, you will likely want to turn to a Managed Service Provider (MSP) in your region for support. An MSP can provide specialized expertise and leverage Mobile Device Management (MDM) tools to keep your network infrastructure and business applications monitored, secured, and fully optimized.
Limited number of support devices
Obviously you can’t accommodate EVERY employee-owned device. Limiting the types of devices accepted in your BYOD program will mitigate any need to pay for software or equipment upgrades for outdated devices and keep your infrastructure safer as a whole.
It’s important to not be too exclusive; select a broad range of devices and their more recent releases to accommodate the varied preferences/tastes of your employees.
Adopting BYOD at your workplace will expose your company to more legal risks. Sensitive business or private client/customer data can potentially be exposed if devices are lost or stolen.
The personal online habits of your employees can also increase your network’s vulnerability to viruses, phishing, or hacking schemes designed to steal such data.
These increased legal risks are another reason why SMBs must take precautions such as working with an MSP that offers a solid MDM solution to ensure all employee devices are configured, deployed, managed, and monitored in a manner that prioritizes data integrity and security.
BYOD AND CYBERCRIME
More cyber criminals are targeting small-to-medium sized businesses. One reason for this is too many workplaces have insufficient bring-your-own-device policies in place. Some have none at all.
Although firms are generally more knowledgeable about network security risks than in years past, they still woefully underestimate the security vulnerabilities linked to mobile devices like smartphones and tablets.
This is a real cause for concern since data breaches have the ability to put many already financially challenged SMBs out of business. If customer/client data is breached, there could be potential litigation costs, and naturally, lost goodwill and an irreparable hit to brand or company reputation.
Don’t just say you’re worried about the bad guys...deal with them
SMBs say they view network security as a major priority but their inaction when it comes to mobile devices paints a different picture.
"Nearly half of companies (45 percent) don't enforce device policies, almost 30 percent of companies have at least one outdated policy, just nine percent enforce OS updates, and 11 percent have compromised devices accessing corporate data. In addition 44 percent of companies have at least one missing device" (MobileIron study via BetaNews).
Despite the fact that stolen devices are a major problem in today’s mobile workforce, only 37% of mobility policies enforced today have a clear protocol outlined for lost devices. Even more troubling is the fact that those firms who have implemented mobility policies have initiated plans with some very obvious flaws. Key components of a mobility policy such as personal device use, public Wi-Fi accessibility, and data transmission and storage are often omitted from many policies.
Thankfully, most SMB cybercrimes can be avoided with a comprehensive mobility policy and the help of mobile endpoint mobile device management services.
A mobility policy is all about acceptable/unacceptable behaviors
Your initial mobility policy doesn’t have to be all encompassing. There should be room for modifications, as things will evolve over time.
Start small by laying some basic usage ground rules, defining acceptable devices, and protocols for setting passwords and downloading third-party apps. Define what data belongs to the company and how it's to be edited, saved, and shared. Be sure to enforce these policies and detail the repercussions for abuse.
Features of mobile device management services
MDM services are available at an affordable cost. These services help IT managers identify and monitor the mobile devices accessing their network. This centralized management makes it easier to get each device configured for business access to securely share and update documents and content. MDM services proactively secure mobile devices by:
- Specifying password policy and enforcing encryption settings
- Detecting and restricting tampered devices
- Remotely locating, locking, and wiping lost or stolen devices
- Removing corporate data from any system while leaving personal data intact
- Enabling real time diagnosis/resolution of device, user, or app issues
It’s important to realize that no one is immune to cybercrime. The ability to identify and combat imminent threats is critical and SMBs must be proactive in implementing solid practices that accomplish just that.
THE POSITIVES OF BYOD
With all the risks inherent in BYOD, why would you or any other business owner ever consider it? While it does have its share of concerns, there are worthwhile benefits that many companies can't pass up.
Companies have been providing their employees mobile phones for business use for a few decades. Those employees have to carry two phones, since everyone also has a personal phone.
This duality is a nuisance. It is hard enough to care for one mobile phone and now they have to worry about two. The reality is that companies expect employees to be in contact 24/7, so company devices can't just be used at work. They have to be carried home, out to the store, etc. If the employees have a choice they would much rather carry just one phone, their own, enabling them to be reachable by anyone, anytime.
Purchasing even the most basic Blackberry for an employee can cost a company $900+ per worker. Costs like that can be completely eliminated by adopting a BYOD policy where employees are required to use their own device. Using a phone that an employee is already familiar with also eliminates the need for device training and onboarding, saving both time and money.
"For mobile users, basic BYOD delivers an average annual value of $350 for companies. With a comprehensive, reactive BYOD program, that gain jumps to $1,300 per mobile user per year" (Cisco study).
Happier employees/attractiveness to job seekers
Recent studies have found that about half of job seekers are attracted more to employers who are open to BYOD and occasional remote work. Additionally, "Unisys reports that a significant number of jobseekers view an organization more positively if it supports their device" (Fortune).
Beyond this hiring advantage over competition, it has been found that employees as a whole are generally happier using the devices they own and prefer for work purposes.
Better customer service
This goes hand and hand with more flexibility and productivity. Mobility allows employees to occasionally resolve or escalate urgent client issues outside of normal working hours, and clients remember that kind of response time.
Greater flexibility and productivity
Personal devices allow workers more flexibility, which in turn can increase productivity. Today’s employee isn’t restricted to their office workstation or cubicle. They can carry out job responsibilities from home, a coffee shop, their child’s dance recital, or while traveling.
And since employees are already used to their device of choice, productivity will not suffer as it would if they had to learn a new system and applications.
PRACTICE SAFE BYOD
Implementing a comprehensive BYOD policy right now, rather than when it’s too late, is important. Below we recap the major items that any business currently thinking about or building a BYOD strategy should consider.
- It must clearly be outlined what specific devices are permitted for work use.
- The company/organization must have the ability to remotely delete company-sensitive data from mobile devices without the device owner’s permission. Remote deletion capabilities are much more refined these days, simplifying the removal of enterprise-related data from devices while leaving other content like personal photos, contacts, apps, and music downloads intact.
- Employee privacy should be discussed within the BYOD policy since employees often use these devices to check personal email; browse or post to Facebook and Twitter feeds; instant message; and store personal documents, photos, music, and movie downloads. Employees must understand that employers still have access to the content stored on these devices. Location tracking, which gives employers the ability to locate employees, is also something to discuss since many people don’t necessarily welcome that kind of surveillance.
- Consider a formal mobile security training session before allowing employees to use their own devices for work purposes, and refreshers periodically throughout the year. Cybercrime is getting more advanced and hard to spot, so ensuring employees are trained on how to recognize, for example, a phishing email can easily prevent a future disaster.
It's understandable that BYOD and more mobile employees have some small business owners feeling anxious and nervous. But mobile management tools, periodic conversation, security checks, and research will do wonders when it comes to keeping small businesses safe.