Back in the mid-2000’s when smartphones were still a novelty, companies didn’t need to worry about policies like bring-your-own-device (BYOD). Why would they? Our phones didn’t have the processing capabilities we take for granted today, and for most companies, the idea of letting employees store corporate data on private devices was unthinkable. But with the advent of the iPhone in 2007 and the Android OS soon after, this mindset was quick to change.
Today, the question of BYOD acceptance is less of a debate and more of a losing battle for slow-moving companies. Surveys indicate that BYOD policies are supported by 59 percent of organizations, with 22 percent planning to implement BYOD strategies in the near future. Looking even further ahead, it’s estimated that the BYOD market could reach nearly $367 billion by 2022.
In short, BYOD security has spent the last decade evolving from “Should we allow it?” into “It’s unavoidable; now what?”
Best Practices for BYOD Security
Fortunately, BYOD strategy in 2018 is fairly comprehensive and aims to help you maximize the benefits of the practice while minimizing risk:
- Implement mobile device management systems that let you remotely monitor all devices in use and include remote locking and data destruction tools in the event of a lost device.
- Require (or encourage) employees to access business data only through business applications. This lets you store data on your own protected servers and limits how much information employees can keep on local storage.
- Schedule regular data backup for all devices that do contain corporate information. The more devices in use, the more risk of loss. Regular backups are an essential part of comprehensive business continuity.
- Require anti-virus/anti-malware scanning on all devices.
Companies are getting more vigilant in how they install and manage security in BYOD workplaces, but as is the case with all cybersecurity, threat actors are keeping pace with these advancements.
Unfortunately, many of the threats presented by BYOD are still relatively unknown, even in 2018. And while researchers are attempting to create frameworks for BYOD vulnerability assessments, the industry still has a long way to go.
If you’re beginning to launch your BYOD policies, you need to make sure your bases are covered before your company data hits any employee phone. Make sure you have thorough BYOD policies built into your company’s disaster recovery strategy, and train all employees on these best practices before you begin.