For several years now, BYOD (bring your own device) policies have been popular in many small to medium sized businesses. While often driven by financial motivation, business owners have also found that workers are more productive and have better morale when they can use their personal devices to work remotely or from home.

Still, most would agree that the policy rarely originates from the IT department, who recognize the security nightmares which can arise from the proliferation of company data on personal devices. Here are some of the worst case scenarios for those who implement a “bring your own device” policy – and how you can mitigate the dangers.

IT security

Pitfalls to Avoid While on a Personal Device

  1. Lost or Stolen Devices: Data is vulnerable when devices are lost or stolen – or if a personal device unknowingly downloads malware. While cloud technology has helped to reduce data loss in this cases, security must be rock-solid in order to make sure the data doesn’t leak out. What to do? In some cases, mobile device management programs can enable your IT team to remotely “wipe” a device to protect sensitive information. On a day to day basis, limit mobile workers to only the minimum access necessary, and use app-segregation or VPNs to keep large amounts of data from being compromised.
  2. Limiting Apps: Not all apps should be allowed on a device that has access to your data. Not only are some not trustworthy, they are downright scary. Games, for instance, are notorious for allowing malware onto a device, in some cases literally taking over – resulting in unwanted surveillance and a loss of personal or work data. Your users should understand – at a minimum – the importance of only downloading content from apps stores and not through webpages.
  3. Keeping Control: Loss of control should concern any business owner who allows BYOD. Free and unsecured wireless connections are just the beginning. Protecting mobile and laptop endpoints when they literally walk out of the building requires a strategy to address device security, layered protecting, and data provisioning. Mobile device management permits the IT team to establish control of what can be on a personal device remotely, while providing employees with a list of “approved apps” for business use will help them to determine what is appropriate. Because downloading apps is so common, most people don’t think twice about it anymore, leaving your data open to attack. Smart user authentication can also be utilized without affecting productivity.
  4. Basic OS Maintenance: While business owners have largely adopted procedures to update the operating systems of their in-house equipment, outdated mobile operating systems can be a major source of risk. IT professionals should ensure that users utilizing their own devices are following a proper update protocol, and use file integrity monitoring to quickly detect and isolate device infection.

Familiarity can often prove fatal to security practices. As more companies move to a BYOD policy, employees will utilize phones, laptops, tablets and home desktops to perform their jobs. Business owners must be concerned about the cross-use of business and personal. While they may block browsing the web in the office, you can’t do that on a personal device.

Organizations subject to HIPAA or any other regulatory and privacy regulations must be especially diligent to protect data and avoid fines. If you are looking to implement a BYOD policy at your location but are concerned about the integrity of your network and data, call Alliance IT. We can help you to isolate the data you need protected, and set up procedures which will keep your employees mobile while ensuring your company’s privacy and safety.