Five Steps to Mitigate the Risks of BYOD
Mobility is how we work. It’s how we live. The adoption of mobility, smartphones and tablets enable people to collaborate easily from home or in the office and has freed up workers’ sense of individuality to inspire more productive work. There’s no doubt that the bring-your-own-device (BYOD) trend is changing the workplace. Embrace the changes brought by the ability to work anywhere, anytime, and with the devices of their choice, and your organization can tap into new levels of creativity and productivity. Resist and risk losing out on innovation and a talented, vibrant workforce.
Consider these facts:
- 70 percent of mobile professionals will conduct their work on personal smart devices by 2018, says Gartner.
- More than 4 percent of all smartphones issued to or used by employees are lost or stolen every year, according to the Ponemon Institute.
- The number of mobile malware and risky apps hit the 1 million mark, according to Trend Micro.
Let People Use the Devices They Love
BYOD lets people use the mobile devices that they love. With solutions like ShoreTel Mobility, your employees can use their smartphones and tablets, whether company- or personally-owned, from any location and on any network—and get a full suite of mobile unified communications tools. Combined with ShoreTel Dock, your workforce can go mobile but still have a home base. The ShoreTel Dock merges the benefits of a desk phone—audio quality, always-on power and ergonomic comfort—with the power of the ShoreTel mobility app.
But before unleashing the power of BYOD, it’s essential to understand and address any risks. Allowing workers to use their personal smartphones, tablets and other mobile devices for work not only eliminates the need for companies to buy mobile devices for employees, but also it tamps down soaring cell phone bills.
When your company owned workers’ mobile devices, the company specified the models, purchased them, paid for the service plans, secured them, and maintained them. While BYOD might offload some of the costs onto the employee, it does not shift the responsibility of securing and managing mobile applications, data, and user access.
Five Steps to BYOD
Here are five steps to mitigating the risks of BYOD:
1) Understand your risk profile. BYOD can deliver great value, but you need to understand the risks and compliance requirements. Employees’ smartphones and tablets, whether company-owned or personally owned, may contain sensitive information—emails, documents and customer names—as well as access information stored in a public or private cloud. It’s critical to understand your organization’s requirements for data protection, especially in regulated environments where there may be compliance requirements.
2) Develop a policy for BYOD. Only 24 percent of companies have a formal BYOD policy in place, according to the Computer Technology Industry Association. If de facto use has forged ahead of the paperwork at your organization, the time is right to develop a policy to govern BYOD usage. Will IT support any and all mobile devices that are available, or will they limit the list of approved devices to specific hardware and software platforms? What applications or cloud services are acceptable? Is the company or employee responsible for replacing lost devices or repairing damaged ones?
The policy should spell out how much access or control the organization has over employee-owned devices. For example, will an application or agent be required on the mobile device to manage it? What are the circumstances for locking or wiping a mobile device, such as when an employee is terminated—and will the user’s personal apps and content also be removed?
3)Secure the mobile devices. You should counsel your employees to use common sense when using their personal smartphones and tablets for work, but don’t leave it to them to adequately secure their devices. Make sure that employees use strong passcodes on all devices. Antivirus protection is essential. You should also encrypt data that is stored on the mobile devices as well as data as it is transmitted over the wireless or cellular network. If the device is lost or stolen and someone does manage to break the password, then encryption will be welcome protection.
4) Consider the apps. Think beyond the device—to the apps and data. The prevalence of mobile malware is on the rise, and poorly developed apps also can pose a threat. Caution workers to use common sense when downloading apps. There is no guarantee that any app, even those from app stores, has been vetted for inappropriate content or malware.
5) Use mobile device management (MDM). MDM software will enable you to manage your users’ mobile devices as well as the ability to remotely lock or wipe lost or stolen mobile devices. An MDM solution makes it easier to manage large numbers of mobile devices, since they typically allow applications, data, and configurations to be distributed over the air. Using MDM can reduce support costs and lower business risks.