4 Issues to Resolve Before Jumping on the BYOD Bandwagon
The BYOD trend is here to stay. New research cited by PC World shows that 30 percent of businesses now embrace letting employees bring their own mobile computing devices to work — without restrictions — and that this figure will double to 60 percent by 2016.
But allowing workers to use their own laptops, smartphones, and other gadgets to tap into your company’s network is causing a myriad of problems for businesses of all sizes.
Webroot, a security specialist, surveyed 741 mobile security decision-makers at organizations that have implemented BYOD. More than half of the respondents said that implementing BYOD has negatively affected employee productivity and has disrupted business activities. Respondents also reported unexpected costs and security issues.
The good news: A well-thought-out BYOD plan can help you prevent problems in your office before they start. Here are four key issues to resolve before you let employees use their personal devices for business.
According to research conducted by Lookout Mobile Security, $7 million worth of mobile phones are lost worldwide every day. With a growing number of employees using their personal smartphones and other devices for work, companies must decide whether the employee or the employer is responsible for the replacement cost of a lost, stolen, or damaged device that’s used for work-related activities.
Organizations must also decide who pays the monthly costs of mobile phone service, data charges, and overages. Will the company assume all of the costs, some of the costs, or none of the costs? Once you decide, draw up a formal agreement that all employees can sign.
When a device is used for both business and personal use, guidelines for providing troubleshooting assistance are a wise move, too. Because you don’t own your employee’s device, you may not feel obligated to provide tech support, especially if the device breaks while an employee is using it for a non-work-related activity.
According to Webroot’s survey, among the companies that do provide assistance, 63 percent say that BYOD has resulted in significant increases in help-desk support calls for smartphones and tablets. One technician said he spent 36 percent of his time each month managing, repairing, and replacing BYOD devices.
Only 40 percent of companies with fewer than 100 employees have mobile data security systems in place, according to Webroot’s survey. Although that percentage is higher among large companies that have at least 500 employees, where 67 percent of respondents contend with lost or stolen devices, and 32 percent have had to deal with mobile malware infections. In addition, 67 percent of respondents from large companies state that managing mobile-device security is a significant strain on IT resources.
However, companies that lack mobile security systems are at the greatest risk of breaches. “Cyber-criminals are increasingly targeting employees as access portals to a company’s infrastructure, intensifying the need for controls and layered defenses that can identify and mitigate attacks,” says Jacques Erasmus, Webroot’s chief information security officer.
Companies are legally allowed to monitor phone calls, email, and other communication that occurs using company devices. However, the rules are not so clear in BYOD situations. Should the company have the capability — and the right — to view employee data and web browser history?
According to Cesare Garlati, VP of mobile security at Trend Micro, mobile-device management allows employers to pinpoint the location of the device to determine if it has been lost or stolen before performing a data wipe. In addition, to prevent data breaches, the camera and microphone can be disabled when an employee enters an unauthorized area of the building. However, employees may view these actions as an invasion of privacy and inappropriate when applied to an employee-owned device.
Therefore, it's imperative that companies obtain employee consent before installing mobile-device management applications on employee devices. Failure to obtain permission or fully disclose the consequences of installation can subject an organization to legal action.