The Growing Use & Risk of Employee Personal Devices for Work

A 2013 Mozy and Compass Partners survey found 87 percent of small and medium businesses had no plan in place regarding the growing use of employees’ personal devices for work, a trend commonly known as BYOD, or Bring Your Own Device. Most of these businesses— 80 percent, the study found— did not see this as an area of concern, The Huffington Post reports. With no formal plan in place regarding the use, back up and safety of personal devices, small business data is at great risk of being lost.

BYOD Policy: Why It Matters

If employees use their own devices when working from home, you don’t know when and where they’re using them. Maybe they’re working diligently in their home offices. Or maybe they’ve gone to the public library or a coffee shop and don’t think twice before leaving that laptop unattended during a bathroom break. This leaves employee technology vulnerable— and your business on the hook for lost data. If the device is stolen, you risk losing the only copies of important documents and losing control of client and enterprise information.

While a tech-savvy IT department might simply wipe the device remotely to prevent massive data leaks, this move now risks legal liability. Lawsuits filed over such remote actions second the need for BYOD policy.

What’s Really at Stake

In essence, BYOD poses two risks: The risk of losing data due to accident or device failure, and the risk of leaking data via theft. The first problem can be solved by a BYOD policy that addresses data storage, backup and recovery. Cloud-based online backup offers an elegant solution to the issue of data storage and management. These systems allow employees to easily back up data for access control and authentication that safeguards company data, while allowing employees easy access to data from any device at any time. SBA.gov suggests automating external backups for ease of implementation.

To address the risk of data security, a BYOD policy must spell out what control IT has over devices, if any. A policy that addresses what program, apps or files IT has the ability to remotely wipe, restrict, or block access to if a threat arises protects employees, enterprise data and client information.

The array of device options can become a roadblock for policy. With Android smartphones alone, employees could have any of 20 versions floating around. This makes the technology a greater perceived risk. Policies can list what devices are and are not supported under BYOD. Just because an employee has a BlackBerry or Samsung smartphone doesn’t mean the device meets security protocols set by the organization.

To ensure policy implementation, implement an authentication program that forces employees to request permission to access enterprise apps from their devices. While employees may protest about logging in each time they go to view files or use programs, this prevents third parties from accessing the information if they do gain the devices.

Failure to address BYOD policy now leaves businesses vulnerable. SBA.gov says 40 to 60 percent of businesses don’t recover from data-loss disasters. Don’t let this happen to your business on account of lax device security.

Does your business have BYOD policies in place? Share them in the comments.

Contributed by Connie O’Hare. Connie operates a small tech company from her East Coast home, and takes every opportunity she can to take her kids on memorable vacations around the world.