The bring-your-own-device (BYOD) revolution has been disrupting business for the last several years. Aside from the cost savings businesses get from not having to pay for their employees’ devices, BYOD has enabled greater productivity, flexibility, and efficiency through mobility. According to Gartner, half of companies globally will stop providing devices to their employees and expect them to use their own devices for work by 2017.
While BYOD adoption is on the rise, it also brings new security challenges. According to a recent survey, 39% of businesses consider mobile data security the biggest barrier to BYOD adoption. In companies that have already adopted BYOD, IT departments are wary of their employees’ ability to protect their devices.
Securing mobile devices in the business environment requires the combined efforts of employers, IT departments, and users. Here’s how businesses can improve their mobile security in a BYOD environment:
Understand the Unique Risks That BYOD Brings
Businesses must understand the risks associated with allowing employees to bring their own devices. One of the risk elements is that employees use not only their mobile phones for work, but also their own laptops and tablets.
It is important to involve different stakeholders such as users, IT departments, information security personnel, and even top management to ensure that all concerns regarding security, operations, and strategy are covered. Involving different stakeholders will also enable businesses to later explore different options and solutions that will benefit the entire business and not just single departments. This will also help determine whether the benefits of increased productivity outweigh the cost of securing mobile devices throughout the entire company.
Create a Project Plan and Evaluate Solutions
After identifying the risks involved in BYOD environments, stakeholders need to come up with a plan to mitigate each risk and present viable solutions. Specifically, stakeholders must carefully consider the following:
- Device security management: Each type of remote device (laptop, tablet, and mobile phone) is subject to different vulnerabilities and requires different safeguards to protect critical company data. For example, laptops are highly vulnerable to viruses, spyware, and other malware, so it is critical that they have antivirus programs and other security software installed. Tablets and smartphones, on the other hand, can be better protected by avoiding jailbroken devices and regularly updating applications. Using a Virtual Private Network (VPN) provides an additional safeguard for online communications on remote devices.
- Application control: For tablets and smartphones, users have to be selective with the applications they install. By themselves, mobile phones and tablets are more secure than laptops. However, hackers can access users’ private data through compromised applications.
- Data encryption and tokenization: Encryption gives businesses an added layer of protection in case of a security breach. Encrypted data cannot be easily used by hackers and criminals, who would need the encryption key to recover the original information. It is also important for businesses to encrypt sensitive data both at rest and in transit. Tokenization gives businesses another secure way to protect their data by replacing critical information with randomly generated tokens, which are impossible to reverse-engineer.
- Enterprise-wide policies: Even the best security programs can fail when employees share sensitive data using their personal devices. Often, users unknowingly share critical information on social media through non-work-related posts. Enterprises have to establish clear rules and policies for sharing work and non-work-related information using remote devices. They also have to ensure that employees are aware of these policies and have undergone adequate training in securing data in a BYOD environment.
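To make the tokenization point above concrete, here is an added example (not part of the original article) of a minimal token vault that swaps a sensitive field for a random token before a record is synced to an employee-owned device. The names `TokenVault` and `record_for_device`, the `tok_` prefix, and the sample record are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """In-memory stand-in for a server-side token vault (hypothetical design)."""

    def __init__(self):
        self._index_key = secrets.token_bytes(32)  # keys the duplicate-lookup index
        self._by_token = {}  # token -> original value; encrypt at rest in production
        self._by_index = {}  # HMAC(value) -> token, so repeats reuse one token

    def _index(self, value):
        return hmac.new(self._index_key, value.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, value):
        idx = self._index(value)
        if idx not in self._by_index:
            token = "tok_" + secrets.token_hex(16)  # random, not derived from value
            while token in self._by_token:  # regenerate on the (unlikely) collision
                token = "tok_" + secrets.token_hex(16)
            self._by_token[token] = value
            self._by_index[idx] = token
        return self._by_index[idx]

    def detokenize(self, token):
        if token not in self._by_token:
            raise KeyError("unknown token")
        return self._by_token[token]


def record_for_device(record, vault, sensitive_fields):
    """Return a copy of record that is safe to sync to an employee-owned device."""
    return {k: vault.tokenize(v) if k in sensitive_fields else v
            for k, v in record.items()}


if __name__ == "__main__":
    vault = TokenVault()
    # Constructed sample record; the card number is a standard test value.
    customer = {"name": "A. Example", "card": "4111111111111111", "city": "Leeds"}
    synced = record_for_device(customer, vault, {"card"})
    print(synced)                            # card field now holds a random token
    print(vault.detokenize(synced["card"]))  # only possible with vault access
```

Because the token is drawn from a random source rather than computed from the value, a lost or compromised device holds nothing that can be turned back into the original data; recovery requires access to the vault itself.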
Implement and Periodically Monitor Solutions
Solution implementation and post-implementation monitoring are just as important as security planning. Many companies have found success by implementing BYOD in stages: from a pilot group with representatives from each stakeholder, to departments, to the entire organization. After implementation, businesses have to continually and periodically assess the effectiveness of their safeguards and solutions. They also have to keep an eye on emerging trends and security threats in a BYOD environment.