Many businesses, in an effort to cut costs, allow employees to bring their own devices to work (a policy otherwise known as BYOD) and use them in work-related capacities. Employees working in a BYOD-friendly company use their smartphones, laptops, and tablets to do their jobs, which saves companies from having to provide their people with company-issued phones or similar devices.
According to an article on Insight, an increasing number of companies are adopting BYOD policies, with the BYOD market projected to hit over $360 billion by 2022.
BYOD implementation is not only a shrewd cost-cutting move; it also allows people to work with the tech that they’re accustomed to, thereby eliminating time-consuming learning curves with unfamiliar tech, which in turn makes employees more productive. On the other hand, BYOD comes with its share of risks, and three of the biggest pitfalls are:
- Compatibility issues due to a wide range of devices being used on the company’s network
- Diminished privacy for both the employer and the employee
- Company’s data stored on employee devices is vulnerable when the device is off-site
Implementing the following steps will help make a better work experience for all parties concerned, which inevitably results in a more efficiently run organization.
1. Implement a Secure Passcode Policy
Would it surprise you to learn that in 2016, 63 percent of the data breaches reported were caused by weak or stolen passwords? Carelessly recorded passwords are bad, and the problem becomes even worse when you take into account how little effort many people put into coming up with a secure password in the first place!
If your business is going to allow BYOD, an intelligent password policy is paramount. There must be rules set in place that cover not only leaving written passwords out in the open but also overall password strength (for starters, “Password” is NOT a good passcode). Consider a policy where passwords must be at least a certain minimum length and contain upper and lower case letters and a number. For added measure, you can ask for a special character as well.
Short passwords, especially ones that thematically match the nature of the company, are easy to crack. A car dealership, for instance, should steer clear of any auto-related passwords. Such passwords are too easy to guess.
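The rules above can be enforced at the point where a password is set. The following is an added example, not part of the original article: the function name, the 12-character minimum, and the deny list built for the car-dealership case are assumptions chosen for illustration.

```python
import re

# Assumed policy value: the article asks for a minimum length but names no number.
MIN_LENGTH = 12
# Constructed deny list for the article's car-dealership example.
THEMED_WORDS = {"auto", "dealer", "motor", "engine", "truck", "sedan", "password"}
# Undo common character swaps so "P@ssw0rd" is still recognised as "password".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def policy_violations(password, themed_words=THEMED_WORDS, min_length=MIN_LENGTH):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lower-case letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no upper-case letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    # Check three views of the password: lower-cased, with character swaps
    # undone, and with everything except letters stripped out.
    lowered = password.lower()
    views = {lowered, lowered.translate(LEET), re.sub(r"[^a-z]", "", lowered)}
    hits = sorted(w for w in themed_words if any(w in v for v in views))
    if hits:
        problems.append("contains guessable word(s): " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ("Password", "P@ssw0rd2024!", "M0t0rCity#Deals",
                      "Quiet-Harbor-73-Lamp"):
        print(candidate, "->", policy_violations(candidate) or "accepted")
```

Note that "P@ssw0rd2024!" satisfies every length and character-class rule and is rejected only by the word check, which is why the themed deny list matters alongside the complexity rules.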
2. E-mail Profile Management
Many companies assign their employees an e-mail account as a matter of policy, but what happens when that employee leaves or is fired? Is there a policy in place to cover this? Does their account get shut down in a timely fashion? Leaving that account active, especially if the employee has been using BYOD, could lead to a disaster. After all, the employee no longer works for you but still has access to your data.
Even if they have no malicious intent, a former employee may be less than fixated on your company’s security. After all, they no longer work for you, and things that may have been their problem, for lack of a better word, are not anymore. Forgetting to deactivate old email accounts is a loose end that could come back to haunt you.
3. Allow Diversity While Also Maintaining Baselines
Not everyone uses the exact same device or operating system, and there are many brands and kinds of devices to choose from. In addition, not everyone uses the same version of software or apps, and in some cases, the age of the technology can vary wildly. New innovations come fast and furious, sometimes changing what was considered hard and fast certainties. Remember when Blackberries were the end all, be all?
Some employees are keen on having the absolute latest state-of-the-art tech as soon as it comes out, while others are slower to change and have devices with tech that is considered ancient by IT standards.
That’s why it’s wise to accommodate diversity up to a point but still set up some minimum baselines and requirements. Not everyone’s going to be using an Android-based device, nor should they be expected to. But if an employee is using a 10-year-old phone with obsolete software, this will cause compatibility problems. If the employee refuses to change, then they simply can’t have BYOD privileges until they upgrade. Until then, if they’re willing to tolerate the inconvenience of not being plugged in, that’s on them.
4. Set the Limits of Employee Privacy
When one blurs the line between personal and professional life, problems ensue. After all, an employee’s own device has their personal information, media, bookmarks, accounts, and other information that has no bearing on their work.
Then there’s the issue of usage tracking. Talk, text, data, and roaming usage are things that any business should be keeping an eye on, but it’s possible to go overboard. Companies can’t be too trusting, but they also shouldn’t be approaching Orwellian levels of surveillance. A balance needs to be struck, then relayed to employees via the newly created policies.
One particularly thorny issue in the whole question of privacy is determining to what extent the company can remotely delete information off the BYOD device, if, for instance, it’s lost or stolen. It’s reasonable for a business to expect to have the right and ability to access the lost device and remove sensitive data that could otherwise harm the business. Some people may be squeamish about allowing that much power over their personal device, but BYOD comes with the need for compromise.
Whatever the case, businesses should create a policy BEFORE allowing BYOD, not afterward. This is not something a company should make up as they go along.
Getting Started in an IT Security Career
With concepts such as BYOD on the increase, there’s an equal demand for more IT Security specialists. According to the Bureau of Labor Statistics, security specialists, administrators, and managers earn over $86,000 per year. If this is the sort of challenge that you would like to tackle, then the smart thing to do is to engage an e-learning provider that will help you on your way, such as Simplilearn’s CompTIA Security+ SY0-501 Certification Training course.
The CompTIA Security+ course enables learners to gain the knowledge and skills required to install and configure systems to secure applications, networks, and devices; perform threat analysis and respond with appropriate mitigation techniques; participate in risk mitigation activities; and operate with an awareness of applicable policies, laws, and regulations.
The course features 32 hours of instructor-led learning and covers six domains required for you to become an IT security professional.
Furthermore, CompTIA Security+ meets the ISO 17024 standard and is approved by the U.S. Department of Defense to fulfill Directive 8570.01-M requirements. Security+ is also compliant with government regulations under the Federal Information Security Management Act (FISMA).
The fortunes of a company may rise and fall at the whims of security issues. With Simplilearn’s training, you could become a valuable and sought-after member of an IT department that keeps a business running smoothly and safely.