Bring Your Own Device (BYOD) as a trend is here to stay. More and more employees are using tablets and smartphones at home and want to bring them into the office to use.
If you have a wireless network that employees use and they have access to the security key you may find that some of their personal devices are already connected to your network without your knowledge.
Allowing employee owned devices can be beneficial – allowing greater flexibility and in the right environment greater creativity and productivity. However, there are security and productivity pitfalls that need to be considered. That’s why it is important as a business to have a BYOD strategy and policy.
In simple terms there are two types of access from employee owned devices – Internet access and Business access.
Internet access
This probably the easiest to manage but there are pitfalls to be avoided.
Unless you are intending employee-owned devices to access your business applications and network – all access to the internet from your organisations WiFi should be isolated from your main network. You install firewalls and anti-virus/anti-malware solutions on the PCs and servers in your business to protect you. By allowing users to connect to you are network without isolating them your are potentially opening up a bridge between the Internet and your corporate network.
This can either be achieved by a having a completely separate network physically or by using intelligent manageable switches and wireless access points. This is generally the solution we employ on our customers sites where employees (or visitors for that matter) are allowed to access the Internet over WiFi.
It is worth reviewing your computer usage policies to cover BYOD to ensure that employees know where they stand – especially if there are already policies in place that cover the time spent on personal Facebook or Twitter activity.
Business Access
If you are going to allow employees to access business systems such as email, CRM or file servers from their own devices this needs careful consideration. In many instances this can lead to improved productivity and an increase in moral as you are empowering your employees to work in a more flexible way. You do still need to consider security implications and have policies and/or systems in place to manage this. Consider the following:
- Passwords – Every smart device allows for password protection. If you are going to allow BYOD then insist that the device is password protected first. Many owners will not set passwords on their device and if it is lost or stolen then your business data may get stolen with it.
- Data Leakage or Theft – If you own the smart device then you have control over it – you can install remote shutdown and wiping systems on a lot of smart devices now. You can request that your employee does this but it is not really enforceable. Think carefully about each request for access before granting it.
- Consider mobile device management – You could make it a condition that any employee owned device has an agent from a mobile device management system installed on it. This will allow you to set criteria that the device must meet before access can be obtained. This is also useful for monitoring device usage – this can be helpful if the employee is reimbursed in any way for using their own device for business.
Remember – allowing employees to use their own devices can be very beneficial to your business but make sure you consider the implications before allowing usage. As always – if in doubt call a professional. We’re always glad to help.