In the previous post, we discussed the inevitable emergence of mobile malware. As workflows and data continue to shift to smartphones and tablets, these devices become more appealing targets for cybercriminals looking to steal and sell the user’s financial and personally identifiable information. Unfortunately, most mobile defense strategies are not as sophisticated as mobile threats, and many users are less careful with their mobile devices than they are with their desktop computers.
Because many employees are using their mobile devices for business, the rise of mobile malware points to an urgent need for robust bring-your-own-device (BYOD) policies and more sophisticated mobile security tools. However, many small-to-midsize businesses have already made the decision that BYOD isn’t worth the risk. According to a survey from Penton Research, one-third of respondents have banned BYOD, with nearly six in 10 claiming to be at least moderately concerned about security-related implications.
Risks certainly do exist. Mobile malware, as our last post points out, is now a very real threat to the workplace. A lost or stolen smartphone or disgruntled former employee could cause company data to fall into the wrong hands. Employees who ignore security protocols or download applications and content without IT approval increase the risk of a security breach.
Despite the risk, BYOD has too much value to simply discard – value that goes far beyond employee convenience and satisfaction. When employees can use their own devices, the cost of mobile devices comes off the company books, and little training is required. Employees are always connected to the workplace, so they have flexibility to work from any location. With more freedom and anytime, anywhere access to business data and applications comes greater productivity. Employees can easily collaborate and respond quickly to both customers and fellow employees. In many cases, a ban on BYOD won’t stop employees from using personal devices in the workplace anyway.
The first step to creating a secure BYOD environment is educating employees and creating a culture that appreciates the value of mobile security. Employees need to understand that the convenience and freedom created by BYOD come with two tradeoffs. The first is the recognition that the employer must establish clear guidelines for conducting business on employee-owned devices and retain control over company data and applications. The second tradeoff is a commitment from each employee to follow these guidelines and act responsibly. Following proper protocols for sharing and storing data will not only protect company information, but will also help to keep the employee’s private data from being compromised.
Employees must also be educated about the consequences of security breaches. Share the horror stories. Explain the impact of a data breach in terms of both financial losses and damage to the organization’s reputation. Make sure employees understand their role in keeping the corporate network secure.
While accountability and the right mindset are essential at the employee level, it is the responsibility of the employer to implement a formal BYOD policy and invest in tools for managing and securing mobile devices and usage. In the next post, we’ll discuss what factors to consider when developing a BYOD policy and how mobile device management can help.