Understanding BYOD Security Issues
Bring your own device. It’s the new trend taking over the work place: employees are using their own mobile devices for work purposes. Contrary to what you may think about mobile devices being distracting, businesses can actually benefit from employees using their own mobile devices for reasons such as cost savings, enhanced productivity and better communication. Although BYOD comes with many benefits, it also has many drawbacks, one of the major ones being security.
The two major security threats there are when it comes to bringing your own device to work are employees taking data out or viruses coming in – essentially threatening the entire organization. Employees typically think that only their personal devices are at risk however they might be surprised to hear that by just plugging their phone into a USB port they could accidentally give the computer a virus.
Companies should make a best effort to protect their information through added security precautions to safeguard their intellectual property and the overall health of the corporate network. However, businesses that have very sensitive information (such as social security, names, addresses, credit card numbers, health information, etc.) should make every reasonable effort to protect that information. Requirements for compliance like PCI, HIPAA and the like can carry hefty financial penalties for breach of information, especially if found to be negligent in that effort.
In all cases, companies should take extra precautions by setting some guidelines and educating their employees on technology security if they choose to use their personal device for work purposes. A few of the basic security precautions that companies can take include ensuring that employees have security codes on their devices, setting limits for using devices in the work place, and educating employees on what to do if their device is lost. Companies can enforce these policies through HR by requiring employees to sign a contract saying that they understand and will comply with all policies when using their personal devices for work purposes. Conversely, companies can force these policies by implementing low cost Server Based Policies that govern the device that will in fact give the user no choice but to comply. The former still leaves you vulnerable to human error while the latter may not be received well by the employee.
The fact remains clear, as people are starting to integrate personal devices more often in the work place, it is very important that security is not compromised or else there may not be a company to go back to work to.
The two major security threats there are when it comes to bringing your own device to work are employees taking data out or viruses coming in – essentially threatening the entire organization. Employees typically think that only their personal devices are at risk however they might be surprised to hear that by just plugging their phone into a USB port they could accidentally give the computer a virus.
Companies should make a best effort to protect their information through added security precautions to safeguard their intellectual property and the overall health of the corporate network. However, businesses that have very sensitive information (such as social security, names, addresses, credit card numbers, health information, etc.) should make every reasonable effort to protect that information. Requirements for compliance like PCI, HIPAA and the like can carry hefty financial penalties for breach of information, especially if found to be negligent in that effort.
In all cases, companies should take extra precautions by setting some guidelines and educating their employees on technology security if they choose to use their personal device for work purposes. A few of the basic security precautions that companies can take include ensuring that employees have security codes on their devices, setting limits for using devices in the work place, and educating employees on what to do if their device is lost. Companies can enforce these policies through HR by requiring employees to sign a contract saying that they understand and will comply with all policies when using their personal devices for work purposes. Conversely, companies can force these policies by implementing low cost Server Based Policies that govern the device that will in fact give the user no choice but to comply. The former still leaves you vulnerable to human error while the latter may not be received well by the employee.
The fact remains clear, as people are starting to integrate personal devices more often in the work place, it is very important that security is not compromised or else there may not be a company to go back to work to.
No comments:
Post a Comment