Solving Your Biggest Problems with BYOD
UPDATED: November 6, 2023
BYOD is our life nowadays. With remote employees, virtual desktops, and cloud solutions rising, understanding how to implement the correct BYOD plan is paramount to your business's workflows, especially as we move into the holidays. More people will be at home, working or not, with your sensitive logins and data logged into their devices. The data is moving from office to office and now from personal device to person device, forcing BYOD to become our daily realities. But with every change comes their challenges, so how do you prepare for them?
With around 235 million people using a smartphone in the United States, it is important to have a Bring Your Own Device (BYOD) Policy in place to help protect your IT infrastructure. Especially when 89% of employees say they would even take a pay cut to use a device of their choice for work purposes. Allowing employees to use their personal devices – such as cell phones, tablets and laptops – to access work-related data in the office or out in the field boosts productivity and cuts costs for businesses by not having to purchase the devices themselves. But it also opens your network up to all forms of cyber attacks.
Employee Security training and compliance
Employees are usually more than happy to bring and use their own devices for work. Studies say that 56% of businesses with a workplace mobility strategy report higher rates of employee satisfaction. However, employees need to adhere to a BYOD policy in order for the operation to be successful. IT departments need to create material to properly train their employees on the following practices:
- What devices will be supported?
- What mobile operating systems (Android or iOS) will be supported?
- What apps, if any, will be supported?
- What reimbursements, if any, can the employees expect?
- How will security issues with personal devices be addressed, including password policies, public Wi-Fi security, and loss and/or phone theft policies?
- Who owns data on the phone?
Employees should also be required to sign a compliance agreement upon completing BYOD training to eliminate any future questions about ownership, loss, or confidentiality breaches. Ultimately, your employees and their understanding of safety practices is you first defense against BYOD issues.
Make Sure Employees Practice Safe Device Habits
Even though employees are using their own personal devices, it is critical that they practice safe device habits to help prevent hackers from gaining access to your network and precious business data. Giving employees a clear understanding of what is expected when using their personal devices to connect to internal networks is beneficial for them and for you. Here are a few DOs and DON’Ts that will help keep personal devices and your data safe.
- DO use a pin number, password, pattern or biometrics to lock your device. MFA is the best practice.
It is helpful to lock your mobile device to prevent information from getting stolen should it get lost. This will physically help protect your device from unauthorized users accessing sensitive data. Furthermore, implementing Multifactor Authentication (MFA) like Google Authenticator and text notifications with unique pins is the best way to ensure protection across devices (make sure everyone is using it!!).
- DON’T use public Wi-Fi networks
It is common these days to go to your local café or favorite lunch spot and hop on to their free Wi-Fi network so you don’t have to use the data service through your mobile provider. But the problem with public networks is sometimes hackers use them to distribute malware or even intercept the data you are sending wirelessly. Even if the network needs a password to connect to it, it doesn’t necessarily mean it’s secure.
- DO use a VPN (Virtual Private Network)
A VPN connection allows you to securely access private networks when using a public internet connection. So if you do find yourself in a café (as mentioned above) hotel, airport, or any other place that offers Wi-Fi, a VPN will help keep your data from prying eyes.
- DON’T download apps from 3rd party app stores
Google Play and Apple AppStore are the official app stores for Android and Apple devices (respectively). App developers must follow strict guidelines and apps are closely vetted before being added to Play and AppStore (even though malicious apps can even sneak in to those from time to time). However, there are also a number of unrestricted 3rd party app stores that may not apply the same level of scrutiny. It’s best to avoid downloading apps from these stores but if you absolutely must, do some research on the app by reading reviews and by visiting the app developer’s website.
- DO make sure apps and operating system are always up-to-date
The importance of keeping IT equipment updated and patched can't be stressed enough. Mobile devices are no different. Cyber criminals target hardware and software that is outdated to infect them with viruses and steal data. It’s imperative to make sure your device’s operating system (OS) and apps are always updated to the latest version. Last year, it was discovered that a vulnerability in WPA2 (Wi-Fi Protected Access 2) allowed attackers within wireless range of a Wi-Fi network to recover data being sent using KRACKs (Key Reinstallation AttaCKs). Most device manufacturers quickly released a security update which patched the vulnerability.
Lack of Policies and Uniform Adoption
How many businesses have “exemptions” for upper level management? Uniform adoption of the same BYOD policy is the only way to close security holes. Likewise, lack of policy altogether puts a business at risk for data compromise. The only time an MDM strategy will work is if every employee in the entire organization adheres to the same set of regulations.
Mobile Device Management
Implementing a Mobile Device Management (MDM) solution allows you to manage, monitor and secure mobile devices that connect to the organization’s network. Some of the many benefits include pushing out software updates automatically, enforcing security policies, wiping data from lost or stolen devices and monitoring network activity — all from a centralized dashboard.
Ask your IT staff what policies and tools your company currently has in place and what you may need to implement to keep your employees’ devices safe and from infecting your network. If you have any questions, feel free to give us a call! We’re always willing to help and can recommend some of the solutions we have in place to protect local businesses with secure by design Managed IT Services.
Like employee training and compliance, your organization should institute the same BYOD governance policies across the organization.
Many organizations give their blessing to employees to use their phones at work without considering key inherent security risks, like:
- Lost devices
- Damaged devices
- Employee exit strategies (this is a big one!)
According to one survey, 68% of healthcare data breaches happened due to the loss or theft of an employee device or file. This is an unacceptable but very real statistic.
A critical part of any BYOD policy is a strategy to remotely wipe company data from a compromised device. Select MDM technology that will give you the capability to remotely wipe any device to protect your company’s data.
Employee privacy issues are another problem with BYOD that many organizations forget to consider. Employees don't want you looking at their photos, text messages, and emails that are stored on the phones and personal devices. What's more this can get into a sticky legality issue. This is one of the hardest problems to maneuver in the BYOD world. Can I search my employees phone for information that belongs to the company? This goes back to the BYOD agreement contract...be specific!
While employees like the convenience and ease of using their own devices, they want a clear separation between their work information and their personal information. The best technology to address employee privacy issues is application-based MDM software. It gives employees the ability to access, read, and modify files on the cloud from their device. Therefore, if the company needs access to those files, management only needs to view the files stored in the cloud. They will never need to access the employee’s personal device.
Deployment, Procurement, Support
Even if a business recognizes the need for Mobile Device Management (MDM), they might experience challenges in acquiring, deploying, and supporting their solution. Some IT departments are already stretched to their limit, and many cite this as a reason for delaying the implementation of a real BYOD policy.
Secondly, there are often problems with supporting employee devices. If there is no uniformity in policy and usage, how can the IT department be expected to support a myriad of devices? The problems these employees acquire may be beyond the scope of the IT department’s responsibilities. The best way to address this problem with BYOD is to get help from an IT solutions company to design and deploy your MDM solution. They can also support your employees’ devices and relieve your IT department of that burden.
Solutions for Problems with BYOD
BYOD can be a powerful motivator and method of promoting effective workplace mobility. However, you need a combination of BYOD governance policies and the right mobile technology to correct problems with BYOD. If you need help getting started, contact the mobility experts at Centre Technologies to learn about your MDM options today.
Additional Workplace Mobility Resources
Enterprise mobility management offers solutions that address the biggest problems with BYOD. Learn about a workplace mobility solution that ensures the scalability and security of your mobile infrastructure, regardless of the size of your organization.
Be a thought leader and share: