While it may seem ideal to have only company devices used for company business, this is an unrealistic expectation. Even when the business provides equipment to be used for job responsibilities, chances are strong that staffers will still use their own personal devices for work purposes. For this reason, and to effectively protect network security, a comprehensive bring your own device (BYOD) program must be created and consistently enforced.
Advantages of BYOD
Unless an organization’s network is completely locked down, it’s extremely challenging to moderate the use of personal devices. Embracing these items has a number of benefits for employees, including:
- decreased frustration,
- boosted productivity, and
- increased morale.
Allowing BYOD equipment means that the company does not have to purchase expensive hardware for workers. Companies can also enjoy the benefits of the most modern operating systems and software capabilities, thanks to the common preference of having the newest and hottest devices as they hit the market.
Thinking of Security
One of the biggest problems with BYOD is the high risk involved in allowing devices to access the company network or proprietary information. If a device is lost or stolen, it’s more difficult to protect company assets. Less honest or experienced employees may leak confidential information or inadvertently allow inappropriate access to sensitive information. Finally, mixing business and personal use on one device means there is little control over other applications used on the device. This could open unforeseen security holes.
To mitigate the security risks of permitting BYOD in an organization, mobile device management (MDM) software can be a lifesaver. With MDM systems, all devices accessing a network are perfectly visible. Controls can be configured to limit the amount and type of information available to each individual user and device. Malware or intrusion attempts may be stopped quickly and high-risk applications removed. Should a device go missing, company data can be remotely wiped and further access to the device prevented.
Companies that may not be comfortable with a BYOD program could opt for alternative models that still provide some benefit. In choose your own device (CYOD) programs, the IT department allows users to select a preferred device from a list of options. Efficiency is generally improved over company-mandated devices, and security is much better.
Another option is to use corporate owned, personally enabled (COPE) devices, in which the company buys and owns the device and the employee is free to use it like any other personal device. This helps clarify the ownership and control of the device while giving IT greater ability to manage it.
Each business has a different culture and set of technical requirements, so no single device policy will be a cookie-cutter fit. Select the model that best protects data while supporting the needs of the workforce to reduce vulnerabilities and maintain high productivity. Clearly communicate policies to employees and be prepared to consistently enforce them. No matter which model is right for the organization, implementing a sound BYOD policy will provide copious benefits with minimal risk.