The ‘bring your own device’ trend has become increasingly popular over the last few years. A survey by ISACA suggests that 54 percent of employees have a personal device they use for work. Employees enjoy the freedom BYOD schemes offer, and company balance sheets look healthier for the minimized hardware spend. However, the convenience of BYOD is accompanied by significant data security risks, which can prove costly.
Many businesses are allowing the home and office to seep within each other via shared equipment, without ensuring there are adequate security measures in place. So what are the main dangers of mixing work and home, and how can companies best tackle them?
Now where did I leave it…?
Loss and theft of hardware is a major issue. Human error still tops the list of causes behind data loss, and something simple like forgetting a USB on a train can have serious consequences. Technology may be developing exponentially, but human carelessness can always be depended upon to throw a spanner in the works. Data security experts estimate over 17,000 USB flash drives or data devices have been left in public locations this past year.
If you’re commuting with a USB or laptop that holds sensitive company information, you need a plan in place should you lose anything. For the sake of your workload and personal reputation (of yourself and employer), the files need to have been backed up, and you must know that nobody else can access and exploit the data.
It’s here that many businesses fall down. Losing a USB with sensitive data is not too troublesome if you can instantly (and remotely) wipe the data. Instead, many companies rely on encryption, seemingly under the guise that it provides an adequate level of protection in the event of loss. Whilst encryption may prevent an individual from accessing the contents instantly, it’s only a matter of time before it can be cracked. A survey by the Ponemon Institute for Intel revealed that 56 percent of IT managers admitted to often having their device’s encryption turned off, which immediately makes businesses more susceptible to security breaches.
As the New Year approaches, here are some helpful tips and best practices for corporate teams to help minimize the risks associated with sharing home and office hardware.
Bring your own contract
Many companies have a BYOD policy, yet comparatively few make any amendments to their employees’ employment contract. This opens a minefield of issues in the event of an incident, with both parties potentially losing.
Companies should ideally set out clear rules about ownership, so there can be no dispute in the event of loss or theft of hardware. If a laptop with both personal and corporate data saved on it is stolen for example, who is to be held accountable? Both employee and employer must understand who owns the data on a shared work/home device, with clear guidelines on how (and by whom) the hardware is insured.
Ably providing a clear audit trail is crucial for companies, making it prudent to have a clear-cut BYOD policy woven into the employee contract. If information on a stolen device is compromised (and not encrypted, say), then responsibility can be placed on either the business or employee without ambiguity, with the relevant person held to account where necessary.
Not every cloud has a silver lining
Cloud has been hailed by many companies as ‘The Answer’ to smooth home/office working. In theory, the cloud provides a smooth link between the office desk and home study, but given the recent spate of websites being crippled by cloud ‘down-time’, it would be unwise to consider it infallible.
There are instances when it’s very difficult to rely on cloud, particularly for business owners who work within a ‘customer-facing’ role. Having a copy of local data (on a USB stick, say) is imperative, as few customers (or prospective customers) will happily allow unfettered to their systems, in order to access a slideshow or specific documents. Carrying local data around can be risky, which is why businesses must ensure (even in the event of loss) sensitive data won’t be compromised.
With employees increasingly shuttling their hardware between home and office, businesses need to be sharper at ensuring they’re covering the accompanying security risks. Whilst they cannot eradicate human carelessness, which leads to loss of equipment, they can ensure the data (which accompanies the devices) is protected to the hilt. Unless companies invest in hardware that facilitates this, they leave themselves open to continuous risk of security breaches.
Filed Under: M2M (machine to machine)