The commercialisation of IT has made tech gadgets cool and accessible on a mainstream scale, giving employees access to organisations’ information on a number of personal devices. This underlines the challenges that organisations face in regulating employee-owned devices in the workplace, as the protection of confidential information is paramount.
In every corporation, the use of these devices is becoming more and more prevalent, due to the influx of smartphones, tablets and laptops that employees access and utilise when undertaking tasks at work. For instance, if an employee simply accesses your Wi-Fi network from a personal device, it will store confidential information about that connection and the data they accessed.
In most workplaces, the BYOD (Bring Your Own Device) trend is encouraged due to the savings made on hardware, software, and on training undertaken to operate the device. It can allow employees to take their ‘work away from work’ and encourages a constant connection to emails, data and information. However, the risks associated with this BYOD policy can be problematic, especially if not managed correctly. Many risks most organisations work hard to mitigate around data and confidential information loss can be exacerbated due to a lack of centralised policy. If an employee loses their smartphone that was used to access company data, then that information could be stolen – a potentially disastrous situation if this information contains sensitive or customer private data.
Another key uncertainty is the blurring of lines between company owned assets, company owned data and remote access, support and surveillance of BYOD devices which are no longer company owned assets. The development of good policies and requirements prior to allowing the connection of BYOD devices has become more important than ever.
There are a number of ways to mitigate security risks and regulate the use of personal devices in the workplace. Educating your employees on the risks and the use of their device is a great starting point, especially by highlighting how any device can store a certain amount of confidential information. Employees must also be encouraged to protect their personal devices with up-to-date malware and safeguards and the organisation should develop up-to-date policies to ensure appropriate governance is in place. Finally, technology management systems which extend beyond the traditional security boundaries need to be reviewed as many existing technology investments may no longer be suitable in a BYOD environment.
The use of personal devices by employees is expected to increase, is your business protected from the associated security risks?
