A ‘perk of employment’ trend is growing in popularity with businesses of all varieties: offering portable or mobile devices for both personal and work use. In fact 62% of companies will allow BYOD (bring your own device) by the end of 2013. While the intentions are good, the security implications can be catastrophic if a strong privacy and sharing policy isn’t in place. Employees are making the argument their work is becoming more and more Internet and mobile-based, so why can’t they BYOD?
True, employees with mobile devices can potentially be more productive while traveling, on site for client meetings or working from home; however, it shouldn’t be the sole reason to allow anyone to have unsecured access to your business’ secure networks. If you’re thinking of allowing your employees to BYOD, keep these three rules in mind.
1. Develop a policy.
Whether you are thinking of allowing usage of BYOD for work or not you should develop a mobile device security policy. If anything, this will help protect your company, in the event your secure systems are breached. Talk with your IT Department, your attorney, and any other key stakeholders in your organization in order to develop a thorough and legally binding policy. Once all the decision makers have been consulted and come to an agreement, post your policy throughout the company (e.g. intranet, memo, employee handbook, or internal signage).
2. Educate your employees.
Once your policy is in place, it’s up to your management team to educate your employees on the updated or new policy. Take the time, up front, to educate your employees on the threats and risks of using mobile devices for work. If your employees understand the reasons behind the new change, they will be more likely to adhere to the policy.
Perform an internal census on how many employees have a company issued laptop (or other mobile device), and those who use personal devices for work. Be sure to inform them of the new policies, how it will affect them in the future and offer a contingency plan if they will no longer be able to BYOD to work.
3. Enforce the security.
Implementing a new policy is not always a welcome change. Be prepared for some backlash and upset employees, but in the end, this is for the protection of your company. Carefully monitor the new security policy and reprimand those who are in violation. Continue to post relevant security information, in order to keep your employees informed of new threats.
The business world truly is going mobile, but does that mean your employees should as well? There’s a strong balancing act between allowing your employees the freedom to BYOD for work and subduing possible security hazards. Take the time to develop a mobile device security policy, which clearly states your business’ best practice standards (e.g. password protecting your device, 90-day password policy or intranet login). Additionally, host an educational session about the IT risks associated with mobile devices and the importance of the new policy. Use this opportunity to bring your employees on board with your new plan and make sure they understand how this will affect them moving forward. Be sure your management team is fully prepared to take the new policy seriously and enforce it. In the end, protecting your company and employee’s data should be top priority. Don’t take the easy road; it isn’t worth the risk.
What are your policies on using personal mobile devices for work?