Organizations should create an Acceptable Use Policy to reduce BYOD risk.
The adoption of smartphones and tablet computers in the workplace is likely to increase as the capabilities and popularity of these devices continue to develop.
The benefits of using such devices at work include greater flexibility, increased productivity and reduced costs.
They also open the door to further innovation and the identification of new business opportunities that previously did not exist.
Regrettably, many of today’s most popular devices weren’t intended as business tools and consequently do not offer the level of security comparable to contemporary desktop and laptop computers.
Potential security risks include misuse of the device itself, outside exploitation of software vulnerabilities and the deployment of poorly tested, unreliable business apps. In terms of business usage, the question of who is the owner of the device can also have legal consequences on mobile device management and the remote wiping of devices should the need arise.
Furthermore, the way these devices are used often blurs the line between personal and business usage and behavior and this will only continue as cheaper, more powerful devices become available.
Concerns about security breaches, IP theft and data loss demonstrate that a strategy for addressing these devices in the workplace is essential. With no control over consumer device working practices, users are free to combine work and personal tasks and data, with the risk of working in unsuitable locations and exposure to loss and theft.
Users can potentially misuse or abuse the device through jail-breaking or disabling security features. They might also copy data to removable storage devices, or use the device for making inappropriate calls, or for downloading and sending offensive or inappropriate content. Backing up business data along with personal data to insecure or inappropriate locations can present unacceptable business risk.
Time is critical and businesses need to formulate a response to the growing trend of mobile devices in the workplace with a sense of urgency. Businesses cannot afford to stand still and allow mobile device adoption to run its own course, as it will create new attack vectors and potential vulnerabilities in corporate networks. They need to stay one step ahead on all of the latest trends, mobile devices and related security risks.
All businesses need to ensure employees are aware of what constitutes good working practice for mobile devices. As well as making consumer device security an integral part of awareness campaigns, organizations should create an Acceptable Use Policy, which employees must sign. In addition, organizations should consider monitoring device usage and enforcing policy through disciplinary or financial sanctions.
Obviously, no mobile device will ever be 100% safe. But, companies need to balance acceptance of smartphones and tablets with control of those devices to protect their networks. By putting the right working practices, usage policies and management tools in place, businesses can benefit from the advantages that these devices can bring to the workplace while minimizing exposure to potential security risks.