By now, you’re probably familiar with BYOD (Bring Your Own Device). Companies have found that their employees prefer to use personal devices to conduct work alongside, or often in place of, corporate-provided devices. And companies have also learned that sanctioning the use of personal devices can bolster employee productivity, encourage innovative ways of interacting with customers and business partners, and even increase recruiting acceptance rates. But the uptick in productivity that comes from BYOD often comes at a very steep security price, especially when users connect to unsecured, free Wi-Fi to access company data and networks. Those security risks have left some companies rightfully leery of starting their own BYOD programs.
However, saying no to BYOD – or just burying your head in the sand – is just as risky. Users are going to find ways to connect to get the job done – and they’ll most likely connect to free Wi-Fi. Extraordinary measures like putting the company network on lockdown only limits remote work, which cuts down on overall productivity. BYOD is your best bet. But you have to plan your deployment carefully. Here are some points to help you get started.
1. Evaluate your company’s security environment
A successful BYOD deployment begins with an initial assessment of your firm’s risk profile. Know what personal devices your employees are bringing onto the corporate network. And while balancing privacy concerns, make sure you have as much information as possible. You should be able to answer the following questions.
- Have the devices been infected?
- What updates have users run on their devices?
- What apps are on the devices?
Accumulating this knowledge will give you a better understanding of how personal device use will change the security environment at your organization.
2. Develop a flexible plan and communicate it to your end users
Your next step is developing a flexible BYOD policy to complement, not supplant, your existing security restrictions. Make sure you’ve clarified and enforced the following points to your end users:
- Contingency protocols to remotely wipe lost or stolen devices of corporate data
- Security requirements for mobile devices
- Authentication requirements for remote use
- Usage restrictions for remote use
Nearly daily news stories of corporate data breaches over free Wi-Fi highlight the downside of personal device use in the enterprise. But companies need to balance these risks against BYOD benefits, like improved productivity and increased employee satisfaction. The only solution is developing a thoughtful and enforceable policy, by first evaluating your company’s unique security environment.