In today’s age of mobile computing, it’s becoming increasingly common for employees to use their own devices when working both away from and at the office. This is what’s known as BYOD – Bring Your Own Device. In practice, it’s an efficient way for businesses to stay more connected, as employees away from the office have the ability to access their work email, documents, and applications. It can save on operational costs as well, allowing businesses to avoid purchasing smartphones and tablets for their employees who work remotely, as well as the service plans that go along with these devices. However, with security breaches and data loss being one of the largest risks to business continuity today, it’s vital that in a BYOD environment, appropriate security measures are taken.
Physical Theft
One of the main causes of data loss is the theft of a physical device containing confidential or sensitive information. When a business has crucial client data stored on employees’ devices, all it takes is one misplaced smartphone or tablet for a business to open themselves up to a negative reputation, lost work hours, and most damaging of all, extremely costly lawsuits/settlements pertaining to the data lost. In cases of massive data breaches, many small businesses will not be able to bounce back from these costs, and the majority will go out of business within two years. You can’t afford to lose your business just because one of your employees left their tablet on the table at the coffee shop.
Data For Sale!
Beyond physical theft, there are other risks involved with BYOD. Many applications, such as free games or utilities, request overly intrusive access to a phone’s resources – the example that was recently at the forefront of this was the Brightest Flashlight app, which collected the location and device data of over 50 million users and shared this information with third parties, including advertisers. Many applications that would have no need to access any device information are designed to collect information on your location, your contacts, your text messages and phone calls, and your data. There’s no such thing as free; “free” applications are able to exist because they sell this egregiously collected data to advertisers at a premium cost. Do you want your business’s clients’ contact information and data being sold to shady advertising firms because your employee’s child just had to play the latest mobile game?
Confidential Data
Businesses that deal with extremely sensitive client information, such as healthcare providers, have even more concerns to worry about. Electronic Personal Health Information, ePHI, is now commonly stored on mobile devices, and in BYOD environments, on employees’ personal devices. If this data becomes compromised, both the business and the employee can find themselves facing a hefty HIPAA violation. There are steps that need to be taken to be secure. It’s extremely important that these devices have two-factor authentication (another level of authentication beyond a username/password); that the sensitive data stored on the device is encrypted; that there are no extraneous applications that transmit device data to third parties; that sensitive data being transmitted is done so securely (using VPN, for example); and that in the event of the device being lost/stolen, all of the data is able to be deleted remotely. What are the odds that your employees have taken these precautions on their own volition?
Is It Worth It?
While BYOD is appealing in terms of cost saving and convenience for users, it may not be the best idea for your business due to the inherent security risks. Remember that spending a little extra each month to provide remote employees with secure, work-only devices may save you heaps of money down the road, in the event of device theft or data loss. If the benefits of BYOD outweigh the risks for your business, remember to be secure. Contact Layered Systems today for a consultation on secure BYOD practices and remote device access in your business.
