Practicing Safe BYOD: Is Your Data at Risk?


Image copyright Pixsooz

Over the next few years, we’re going to see the ad hoc use of personal devices in the workplace transform into a cohesive, total mobile experience that unites data across every device. In the long run, this bring-your-own-device (BYOD)-enabled workplace will be a boon for employee productivity and collaboration. Of course, ask any company today and you’ll hear that BYOD bliss is still a ways off.

Right now, workers don’t typically go out of their way to research security issues or the safest way to use their personal devices. They just want to use the most effective apps possible to make their jobs a bit easier. But, this can be dangerous for companies, especially those in regulated industries. For instance, if an employee leaves the company with data still saved on his/her personal device, or has that device stolen, sensitive data may be compromised.

The bottom line is that most employees don’t really think about BYOD, it’s just something they do. In part, it’s up to employers to train employees in BYOD best practices, but, to date, progress has been slow. In the 2013 Data Protection Trends Research, conducted by the Ponemon Institute, findings from more than 4,300 respondents worldwide showed that an overwhelming 77 percent of employees haven’t received any education about the risks related to BYOD. Not only that, but more than half of the companies surveyed don’t have any streamlined security policies in place for personal devices.

With Gartner estimating that, by 2017, half of employers will require employees to use their own devices for work, it seems enterprises have a lot of work to do in the next few years when it comes to practicing safe BYOD. Making every personal device secure can be a daunting task, but, as mobile trends keep gaining momentum, it will become imperative for companies to adapt to changing trends. To truly prepare for BYOD, companies need to work hard to promote awareness of what it means, and think about what’s coming next.

Building Awareness and Education for BYOD
It’s obvious that employees are using personal devices in the workplace. Just look around and you’ll see people checking their work email on their phones, editing presentations on their tablets, or forwarding documents from file-syncing apps. In fact, more than 80 percent of employees are bringing smartphones and tablets to the office. But that doesn’t mean every employer has embraced them, especially considering that the 2013 Data Protection Trends Research revealed that more than 30 percent of employers still don’t let workers access their organization’s network from personal devices.

In this day and age, this model isn’t sustainable. Even if some businesses in industries such as finance or healthcare are justifiably worried about regulatory hazards, closing down BYOD completely isn’t the answer. Employees will continue to work around restrictions and use unsanctioned third-party solutions if it means they can do their job better or more easily. That’s why companies need to incorporate personal devices into existing IT networks and implement the necessary security measures to simultaneously balance productivity and data protection.

Mandating simple practices — like adding a password to a mobile device — can go a long way in reducing the threat of data leakage. That way, if an employee’s device gets lost or stolen, there’s much less of a chance that sensitive information could be released outside the organization. Despite the benefits of password protection, though, only 31 percent of companies are enforcing this practice.

To really promote safe BYOD, however, businesses have to take the conversation to the top. The 2013 Data Protection Trends Research revealed that, among the companies with secure policies in place, 24 percent still allow for exceptions in the case of executive-level employees and other privileged users. This has the potential to be devastating for security, given that CEOs and other C-level employees are often the ones who have access to the most sensitive information. Standardizing BYOD security practices, no matter an employee’s position, should be a top priority for every organization.

Adapting to the Next Big Things
On top of these BYOD habits and growing data concerns, there are other changes that companies need to address sooner, rather than later. All of them are linked to the burgeoning total mobile experience and include the incorporation of BYOC, Apple and TYOD strategies in the enterprise.

  • Bring-Your-Own-Cloud (BYOC): BYOC is happening whenever an employee uses a public cloud to store or access company files. While undoubtedly convenient, the problem is that the majority of public cloud storage apps, like DropBox, simply aren’t secure. Aside from being vulnerable to hacking, using a public cloud means employees could potentially have those files stored for the rest of their career, and beyond. Despite this risk, the 2013 Data Protection Trends Research found that 67 percent of employers haven’t established policies around third-party cloud storage options.
  • The Proliferation of Apple Devices: Two decades ago, there was no need to prepare for potential compatibility issues between Apple and PCs. Companies just used Windows-compatible hardware and software, and that was that. Now, Macs, iPhones and iPads are everywhere. More than half (57 percent) of employers said that this has proven to be a big challenge when it comes to compatibility, especially given that 75 percent of the companies surveyed in the 2013 Data Protection Trends Research either have Apple products in the office or are planning to roll them out soon. Preparing for Apple devices means acknowledging that data has officially become platform agnostic. The right systems and security have to allow employees to access data from whatever device they choose to use.
  • Take-Your-Own-Device (TYOD): When employees bring their own devices to the office and use them for work, there’s a good chance they’ll still have company data stored on them when they leave their position. One way IT teams can make sure sensitive data doesn’t leave with workers is to remotely wipe files from mobile devices, which is made easy through secure, enterprise-level file-syncing and sharing products. However, the survey showed that only 21 percent of IT teams are routinely taking such measures to protect their sensitive data.

The Next Stage of the Total Mobile Experience
Today’s BYOD movement, combined with BYOC, Apple and TYOD trends, is just the start of the total mobile experience that empowers employees to work from any location on any device. If Gartner is right, and about half of businesses will be enforcing BYOD as a best practice in just a few years, the companies that have thought about security and what’s ahead now will be the ones that stay ahead.

Anders Lofgren is VP of Product Management at Acronis.

Must-Reads from other Websites

Panos Mourdoukoutas

Why Apple Should Buy China’s Xiaomi

Paul Graham

What I Didn’t Say

Benjamin Bratton

We Need to Talk About TED

Mat Honan

I, Glasshole: My Year With Google Glass

Chris Ware

All Together Now

Corey S. Powell and Laurie Gwen Shapiro

The Sculpture on the Moon

About Voices

Along with original content and posts from across the Dow Jones network, this section of AllThingsD includes Must-Reads From Other Websites — pieces we’ve read, discussions we’ve followed, stuff we like. Six posts from external sites are included here each weekday, but we only run the headlines. We link to the original sites for the rest. These posts are explicitly labeled, so it’s clear that the content comes from other websites, and for clarity’s sake, all outside posts run against a pink background.

We also solicit original full-length posts and accept some unsolicited submissions.

Read more »