Navigating the Risks of ‘Bring your own Device’

Research from LANDesk showed that 83 percent of UK organisations allow BYOD, and 39 percent of people are buying their own device for work. BT research found that 95 percent of UK organisations now allow their employees to use personal devices at work. Meanwhile, many other companies are simply standing by as employees incorporate BYOD into their working lives, without waiting for permission or policies.

Unfortunately, employees’ online-all-the-time reality creates risks and costs that companies should be managing. Technology companies, in particular, may get caught in the crossfire when mobile devices go rogue or provide a gateway for cybercrime. They may also be held liable if the products they sell or services they provide are seen to be failing to protect customers or contributing to a security breakdown.

Companies can take action to protect themselves from BYOD risks:

Create a BYOD policy
Describe what devices may be used and how employees may connect to company networks, as well as what applications they may use. Restrict the type of data they can transfer to personal devices, set protocols for data synchronisation and backup, and require employees to install the latest updates and software. Finally, set expectations, such as making clear the company is not responsible for lost or damaged personal devices or employee injury from misuse of a personal device.

Conduct employee training
Employees should not only understand the company’s BYOD policy, but also realise their exposure to risk and the consequences if they fail to take prescribed precautions.

Balance network protection and employee flexibility
The restrictions needed to protect the corporate network should allow employees to use personal devices productively. Update corporate network protection with personal device use in mind, ensuring a two-step process for authentication to access the company system recognises both the device and the person using it. Use software that allows remote data wiping, malware scanning and data archiving.

Consider cyber security insurance
This specialised cover goes beyond general corporate liability insurance. The best policies include data breaches coverage that offers public relations crisis management services, credit repair services and liability exposure, as well as network impairment coverage for losses due to hacking, denial of service attacks and other forms of cybercrime. Working closely with a knowledgeable broker is the best way to identify the right cyber policy to cover your company’s cyber risks.

As mobile devices continue to develop and the adoption of BYOD becomes ever more prevalent in the corporate world, new security features and capabilities are likely to emerge. In the meantime, businesses should assess the risk-versus-benefit status of BYOD, adopt strong policies that protect them while encouraging employee productivity, and take steps to mitigate their risks.

To read more, and download the full whitepaper, click here.