It used to be that you went to work, used your company issued computer and telephone, and then went home for the day. As cell phones and other mobile devices grew in popularity, you might have received a work-issued device to get work done on the go.
These days, nearly everyone has a smartphone and perhaps another mobile device they want to use for work as well as on personal time. Not only is it easier to manage— one number, one contact list, one set of applications—but some companies actually see some savings by allowing employees to use their own devices and reimbursing them for a portion of the cost.
However, in the BYOD (Bring Your Own Device) world, not all is that simple. When employees use their personal devices, they open up security risks to the company’s computer systems. Something as simple as a malware program acquired through social media on your own time can wreak havoc on the organizational computer system, never mind the risks of data theft, viruses or lost devices.
As a result, BYOD presents some unique challenges for IT security professionals and often requires an IT security degree to understand and mitigate the risks.
Issues with BYOD Security
There are several issues that are quite common among those using their own devices. Among them are:
It’s rare that an organization will allow any device to access any part of the network without some sort of authentication or security process. However, even with some protocols in place, the risks can still be great. Some IT security departments limit access to network on mobile devices, as well as place strict requirements on the security features of the device in order to protect the network and its data.
Many organizations employ encryption when storing and transferring data offsite or when employees access the network from their mobile devices. Without the encryption key, it’s impossible for anyone to read the data—an important safety protocol when dealing with sensitive or proprietary data. In many cases, mobile devices lack the proper encryption software, and unless users allow their IT department to update the encryption program, the device presents risks.
Many companies ban employees from using social media or other non- work related sites on company owned devices for reasons related to productivity and network safety. For example, many criminals target Facebook as a means for delivering harmful malware or virus programs. When employees use their personal devices, they may inadvertently download harmful programs that could attack the entire company network, leading to theft, a reduction in speed or other problems. And it’s not just social media. Because the employee owns the device, he or she can use the device for personal activities as well as work, not considering the effects on the work network. For example, while doing research on a tablet about leadership degree programs, an employee might visit a site that installs spyware or malware that would have been blocked had the search taken place on a secure company computer.
Theft or Loss
As anyone who has ever lost his or her cell phone will tell you, it sucks. If you use that device for work, it’s even worse, since the potential for sensitive company information to fall into the wrong hands increases greatly. When employees use their own devices, IT security departments have to take precautions such as limiting access to the network and setting up user identification protocols that will prevent unauthorized access to the network in the event of theft or loss. Not to mention, when an employee leaves the company, the security team must have a procedure in place that ensures former employees no longer have access to private company data.
Using mobile devices for work is a boon to both employees and businesses. Smartphones and tablets allow employees flexibility in their work environment, and allow them to be more productive when they have to be away from the office. However, without proper security measures, BYOD can mean disaster for the organization. In light of this, IT departments must stay on top of all the latest in threat management and security protocols.
About the Author:
Jordan Pinkas is a technology journalist and video game nerd. He has worked from home since he was 17 years old and never plans on wearing a tie.