The ownership of external devices that have access to sensitive company data is one of the biggest problems with information security and the use of BYOD in the workplace. Devices are controlled by their owners; they can be lost, stolen or used on an unsecured network; and company BYOD policy measures can only go so far.
A look at the different influential components of information security risks and BYOD can assist healthcare facilities, financial and government institutions, as well as business entities in applying the necessary steps to secure company data and avoid data breaches when using BYOD.
Device ownership
The device is owned by the individual, which means they have full control over it. The implications can entail various scenarios that put company data at risk:
Device access by family members.
Disregard for company guidelines.
Device owners could override security systems set up for them by their employers.
And let’s not forget the famous ‘it’s mine and I can do whatever I want with it’ reaction.
It is very important to find a balance between respecting employee privacy and ownership on the one hand, and being able to establish ground rules and provide secure alternatives to employees when they access company data on their personal devices on the other. There’s also the option of companies providing employees with the device, which eliminates the device ownership problem altogether. Financially this might not be the best solution, but it is something to consider.
Device security
No one wants to lose their smartphone, laptop or tablet, but it happens. Loss can take place as much as theft can, and neither is something controllable. The security systems in place on a phone depend on the owner, which implies a subjective judgement of what is secure and what is not. Whether or not an individual updates their anti-virus or downloads security apps and patches rests solely with them.
A proactive approach to this problem entails companies securing their networks, as well as regularly scanning for vulnerabilities. Having a system in place to wipe information from a device if it is stolen or lost, and being able to detect a breach, are also part of a good information security plan.
BYOD company policy
BYOD policies are being considered and implemented by a number of organizations that want to keep their personal information secure. One of the challenges companies face is finding a balance between regulations and the personal use of the owner’s device. Furthermore, the way a device gets used and how or when sensitive data gets accessed are not the only BYOD information risk issues.
Company policies help get employees to comply with better information security practices. However, just as implementing compliance alone is unreliable for obtaining an effective information security plan, BYOD company security policies need to be accompanied by continuous network security efforts.
One thing all three components of information security risk and BYOD have in common is the need for companies to set up an information security plan that includes regular network security scans, finding and fixing vulnerabilities, and updating compliance requirements as they emerge.
Protecting sensitive company data is vital to the productive and effective functions that come with running a business, healthcare facility or government office.