Tuesday, May 21, 2013
BYOD without policy a recipe for disaster
At this point, the value of bring-your-own-device (BYOD) strategies is well-established. Firms in every industry have discovered that by leveraging BYOD, employees can become more productive and efficient, as they are better able to perform work-related functions outside the office and collaborate with one another. Additionally, workers tend to prefer using their own devices rather than company-issued ones, as they are more familiar with the former. Consequently, BYOD can provide a boost to employee satisfaction, further fueling productivity.
However, there are undoubtedly a number of risks inherent to BYOD. Most notably, these deployments can potentially put corporate data at risk if adequate secure file sharing measures are not implemented. Without a definitive, robust policy in place, BYOD has the potential to be a disaster.
Many companies, fearful of the potential security risks presented by BYOD deployments, have delayed implementing official policies for this strategy. On the surface, this seems like a reasonable decision that will keep the company safer. However, more often than not, the opposite effect will occur.
The fact of the matter is that BYOD is happening regardless of the policies adopted by a given company. Workers, particularly younger workers, increasingly expect their employers to permit BYOD. If there is no official policy in place, employees will often pursue BYOD anyway. This is even true if the company forbids BYOD. The end result is that workers utilize their personal smartphones and tablets for work, but the company lacks any oversight of these devices.
Employees will send, receive and access corporate data without secure file sharing or other data protection measures in place, thereby greatly increasing the risk of a data breach.
This is why a BYOD policies are so important. Without an official, comprehensive stance in regard to BYOD, a firm will be less able to protect its sensitive data in the event that employees' devices are lost, stolen or accessed via cyberattack.
It is therefore essential for any firm that has yet to do so to develop and implement a complete BYOD policy. Ideally, this should strike a balance between employee freedom and oversight, with security always a priority. And for those firms that genuinely must avoid BYOD due to security concerns, it is critical that decision-makers inform employees of the reasons for the BYOD ban and regularly take steps to enforce it.