Fact: Your employees will use mobile devices for work purposes outside of the office. According to a survey by Syntonic, an average of 68 percent of companies estimate that employees use their smartphones at least four hours per week outside the office. This type of Bring Your Own Device practice can be beneficial, but only if it’s practiced properly, backed up by a quality BYOD policy that governs how the devices are used in regard to sensitive corporate data.
Bring Your Own Device is particularly dangerous for enterprises, as the sheer number of employees and devices provide countless new endpoints that hackers can use to infiltrate a network. All it takes is a single device to put an entire infrastructure at risk–thus, a BYOD policy is a necessity in the modern, connected business world. Below we’ve listed some surprising facts about BYOD that need to be taken into account when implementing mobile devices in your enterprise.
Some States Require Employee Reimbursement
This currently is not a requirement for businesses in Texas, but there are several states, including California and Massachusetts, that have passed legislation requiring employers to reimburse employees for data usage for work purposes. Approximately 69 percent of organizations have a reimbursement policy for work-related smartphone use, with compliance being the primary motivator. The biggest problem, however, isn’t the fact that this type of compliance exists–rather, it’s the fact that some companies don’t even know it exists, and that those that do tend to overspend in terms of reimbursement.
The Syntonic survey claims that 47 percent of companies that reimburse for BYOD pay only a fixed amount, while 29 percent require that employees manually calculate their data usage and submit expense reports. Another 29 percent don’t even know what their compliance responsibilities are. To resolve this issue, split billing software can be used to calculate the amount owed. Half of surveyed enterprises have already invested in this asset, and have claimed that it’s helped them gain a better understanding of their employees’ smartphone usage.
The Risk of Insider Threats
When you think of insider threats, do you imagine a network of spies lurking in the shadows, waiting to steal your data and hand it over to a competitor? While this makes for a great movie plot, it’s far from the reality of insider threats. The fact remains that insider threats come in all shapes and sizes, from disgruntled employees to those who are simply negligent of the responsibilities involved with BYOD. It might be tempting to just assume that your employees know about your BYOD policy, this is a dangerous practice.
A significant number of enterprises feel that their employees don’t have the proper training required to handle BYOD in the workplace. In a study by Bitglass, one-third of all organizations surveyed have experienced an insider attack in the past year, and another 74 percent feel vulnerable to them. An astounding 62 percent of employers claim that a lack of employee knowledge concerning BYOD has led to data leakage. In part, this may be due to an unclear mobile device management policy and generous user access to sensitive information.
What You Can Do
Managing your enterprise’s mobile devices is a critical part of allowing a BYOD policy in the workplace. Here are three ways that your enterprise can address the aforementioned pain points regarding BYOD in the workplace.
- Educate your employees on mobile device best practices: Internal documentation is an invaluable asset, especially when it comes to educating your employees about IT security and mobile device best practices. You can potentially avoid a lot of fallout by making sure that your BYOD policies and practices are available for review at any time. Reinforce your team’s knowledge with regular check-ups designed to help them understand the role the user plays in security. Another tip: have a user go through IT and get a device approved before allowing them to use it on the company network.
- Restrict data access on a per user basis: Approximately 54 percent of respondents claim that too many devices have access to important or sensitive data. Therefore, the need to cut down on who can access certain data is necessary and understandable. This measure is often taken to offset the influx of new user devices that enter your network. Users should only have access to data that they need in order to perform their daily duties.
- Outsource mobile device management: Some are under the impression that outsourcing mobile device management is risky, but in reality, an outsourced enterprise mobile management service (EMMS) is the best way to ensure device security. After all, your internal IT department is likely busy with their own agendas, let alone monitoring and maintaining your organization’s mobile devices. Outsourcing takes yet another burden off of their shoulders and allows them to be more productive during the workday.
The harsh reality is that mobile devices aren’t going away, which means that your enterprise has to have a mobile device management strategy. If you haven’t already begun to think about BYOD, it’s never too late to start, and should be a priority on your security checklist.