We all have them – smartphones, tablets, and laptops.  And how many of us still carry one device for home and one for work? Too many of us.  We sit down and plop two phones on the table one in a blue cover the other in red so we know which is which; or lug around two tablets, for the same reason – the prohibition to mix and match content and devices.  This has been going on for the better part of the past 3-7 years.

Then as we headed into the tight economic times, the desire to drive down operational expenses was upon us and companies began allowing employees to bring the own devices to work and the era of BYOD (bring your own device) was born.  No longer did employers have to expense on hardware, they simply piggy-backed on the laptop the employee had already, same with smartphones, reimburse for the cell phone calls and data, but let the employee shoulder the expense of the device (they were all super discounted by service providers anyway, right?).  Operational expenses were being reduced right and left.  What could go wrong?

THE PROBLEM WITH BYOD

Let’s start with data.  Commingling data is always an adventure, especially when it comes time to part ways, be it amicable or tension filled.  When the company data is on the individual’s device, there best be a BYOD policy in place which clearly details how the company information will be protected, extracted and removed from the personally owned device when there is a separation or change of duties on the part of the employee.  I’ve seen it happen, far too many times, when the employee declines to allow the IT department access to the device to remove the “secure” email and the IT department simply zaps the device causing it to do a major reset, purging all data on the device.  And with that push of the button, the individual’s personal files, contact lists, photos, app content etc., goes straight into the bit-bucket in the sky.  Employer is happy, former colleague or colleague with a new role is incensed – not a win-win by any measure.

SECURE BYOD

But all is not lost and BYOD is an effective cost and productivity posture if executed correctly.  Keep these five things in mind to secure your smartphone or company-issued device:

Employee/Employer device usage agreement.

If you are operating without having your employees sign an agreement which clearly details what data or information is or isn’t to be kept on their device, and how it will be removed when the device is either lost or the professional engagement is terminated, it is like wing-walking without a safety harness: you best not miss a rung when you let go.

Third Party Applications are a risk.

No not the certified one that the IT department has authorized as suitable for touching corporate data; but the third party apps which we down load to make our lives easier or more interesting – games, printer apps, specialty apps, etc., none of which may have been scrutinized by IT as being securely coded and malware free (even iTunes and Google Play occasionally let an app slip through which carries a malware payload).

Encryption.

consider paying for the encryption services so employees devices and the data within are secured to the company’s standard.  Losing smartphones and tablets is a regular occurrence, make the event equal to losing a paperweight and not the keys to the internal databases.

Authentication.

Not only is important to be secure, it is equally important to know if the device which is connecting to your Virtual Private Network or Secure Email system is the device you are expecting, from the locale expected.  When such isn’t the case, additional authentication steps are necessary.

In sum, BYOD will save money if the management of the devices and the attendant policies are present and dynamic in nature, if these ingredients are absent, then your BYOD implementation will be the equivalent of swiss cheese, full of holes which can and will put your company at risk.

Related News

Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher, served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008). He is the founder of securelytravel.com