Why Your Company Should Have a BYOD Policy
Personal connected devices – our laptops, cell phones, and tablets – are arguably the most complicit tools in the recent blurring of the parameters between personal and work life. And while most businesses have generally recognized the benefit of allowing employees to use their personal devices for work purposes, the bring-your-own-device (BYOD) revolution has certainly thrown a curve ball to those responsible for safeguarding company data. Although corporate finance groups are singing the praises of the trend due to its inherent reduction in costs, it’s not all rosy in the BYOD world. That’s why it’s crucial to format a corporate strategy policy that will protect your company from a potentially dangerous data-leak train wreck.
Here’s why: Employees are now widely accessing corporate data from their own computer, a tablet, even their mobile phone. With so many of us bringing more and more smart devices inside our office environments and hooking them to our corporate networks, the potential for data leakage grows exponentially. When anti-virus and digital security software company BitDefender set out to explore the connectedness of typical American workers last year, they found that over half stored work-related data on their personal devices. Shockingly, almost 40 percent of them had nothing in place to prevent unauthorized access to their device. Further, in a study conducted by the University of Glasgow, 63 percent of used smart devices purchased through second-hand stores and eBay-like marketplaces still had data on them. This data included personal information as well as sensitive business information.
The problem is there’s no chain of custody in the BYOD world. Think about it. When the corporations owned your cellphone and your PC or laptop, they controlled its issue to you, how you used it, what software you put on it, and when and how it was turned in and destroyed. A solid internal tracking of electronic assets coupled with a solid electronic asset disposal solution provider meant that, for the most part, the corporate digital assets were safe. In the BYOD world, the corporation does not own the IT equipment. Personal smart devices are being linked to corporate IT environments. This mating of personal and professional equipment and data is happening everywhere. Your corporate data is being commingled with secure and non-secure access points to the Web, cloud, etc. Not to mention the fact that those devices metaphorically walk in and out of your office every day, and you have no control.
Companies are scrambling to address this issue in a number of ways. Some have addressed the problem via software solutions at the enterprise level (think Blancco or BlackBerry enterprise), some at the device level (think solutions like Apple Find My Device, etc.), and some at the human resources and legal levels with policies and procedures that prohibit users’ use of corporate information. But the truth is, without a chain of custody model incorporated with these solutions, once the corporate data is accessed or downloaded, it’s already gone — you just don’t know it yet.
The reality is that it’s going to take some time for the corporate world to catch up with what some have called the “semi-private information revolution” like the cloud, Facebook, or social media. Secure file sharing, essential for an organization’s BYOD guidelines, is one of the best options available. Services are now available to help with cloud encryption and it’s changing the way we share and monitor files. Encrypting data is crucial and minimizes the risk of sharing sensitive data and having it tampered with. Rely on your electronic asset disposal provider to help your company develop a strategy and process that is aligned with your corporate information sharing guidelines. Right now, your corporate data is only as safe as the process that you create.
Fronetics Strategic Advisors is a leading management consulting firm. Our firm works with companies to identify and execute strategies for growth and value creation.