While technology is a massive enabler for mobile working and business growth, managing your data and mobile hardware brings its own challenges. Smartphones and tablets are no longer seen as purely a tool of trade and many employees are no longer satisfied with company-issued equipment.
It can often be difficult for firms to keep up with the latest technology trends and with a workforce that is keen to use the latest iPhone or Android device, as such, it may be tempting to move your business to a Bring Your Own Device (BYOD) model. While this can have advantages, it is important to consider company data and how you can protect sensitive information, as well as the associated insurance risks in terms of your Office Insurance and Cyber Liability Insurance requirements.
Why is BYOD So Popular?
Often driven by young, tech-savvy work culture, more employees are keen to swap company equipment in favour of personally owned devices, such as smartphones, tablets or laptops that they are more comfortable using. Alongside this, some employees may look to use their own devices alongside their company phone simply to increase their productivity and flexible working environment.
Consumerisation of IT, another name for BYOD, is all part of the increasing influence of consumer technology in the workplace. To ascertain if BYOD is right approach for your company, first familiarise yourself with the advantages and risks of BYOD.
Advantages of BYOD
#1 Reduced IT Spend
BYOD can generate a significant cost-saving for companies, reducing the amount spent on hardware and software purchases, maintenance and the cost of training employees to use the equipment.
Allowing personally owned devices could save thousands of pounds in up-front IT hardware costs for new employees, especially for rapidly expanding businesses, because employees buy and maintain their own equipment. Firms can then choose to compensate employees by subsidising or reimbursing their purchases.
#2 Staff Acquisition and Retention
BYOD can also be an effective tool for recruiting and retaining staff. With the freedom to choose the technology they are comfortable with, employees are more productive and generally satisfied with their jobs. A contribution towards the latest iPad or Macbook often receives significant perceived value in the eyes of an employee, without any increase in overall IT spend.
#3 Productivity and Flexible Working
The use of employee owned devices can blur the lines between work and play. While many employees will switch off their company phone or laptop at the end of the day, using their own device often increases availability and client response times.
BYOD can also provide flexible working opportunities, increasing staff morale and delivering a better work-life balance.
The Risks of BYOD
#1 Cost Management
Although BYOD can save some firms money, others may end up spending a lot more. If your business requires standardisation of your applications, hardware and operating systems, the integration of multiple platforms could actually increase IT management costs if personally owned devices were added to the mix.
Adopting BYOD exposes companies to two major risks: IT security risks and data loss. This alone may be enough to compel a company to ban BYOD altogether. Are these risks worth the benefits?
#2 IT Network Security
Personally owned devices are unlikely to have the same bulletproof security technology that your company phones and laptops have. One risk is authentication, which is how you allow users to access your internal network.
Since your IT manager or department doesn’t control the employee’s device, you must find a way to authenticate the user. In addition, if the personal device doesn’t have malware protection, Trojans, spyware and other malware attacks can be inadvertently introduced to your network.
Mitigating the IT Security Risk
Security threats are serious, but that doesn’t mean you should forgo adopting BYOD. You can mitigate the risks with the following:
- Keeping track of which devices are corporate-issued and which are employee-owned.
- Install digital certificates on each personal device so they can be authenticated before the employee uses them to log in to your network.
- Ensuring that the company’s Wi-Fi network can handle the increased number of Wi-Fi devices that access it so that it won’t negatively affect the network’s performance.
- Creating an Acceptable Use Policy, defining the rules for what employees should and should not do when they access your network, regardless of whether they use company computers or personally owned devices.
#3 Company Data Risks
Data breaches due to lost, stolen or insecure devices are real and significant threats that cannot be ignored. The loss of confidential or proprietary company data could result in untold reputation damage, lost clients and costly fines and legal actions.
If employees work with sensitive customer data, such as personally identifiable information, BYOD could increase the risk of a data breach. The ICO (Information Commissioners Office) takes breaches of the Data Protection Act 1998 particularly seriously and has powers to issue significant fines and penalties.
While Data Breach and Cyber Insurance can provide peace of mind against such incidents, prevention is always better than cure and you should make data protection a key business priority.
Can you trust that your employees will protect your data?
It is important to remind employees that while the device is their own, the data belongs to the company. The line between separating company files from personal files on personal devices can get blurry, increasing the chances that company data could be mixed up with personal data.
Be aware that employees who save company data on personal cloud storage sites, such as Google Docs®, Facebook® and YouTube®, increase the risk of inadvertent sharing or streaming content to unauthorised viewers.
How focused is your staff?
While for many employees, BYOD can increase productivity, for some staff that are less focused, it could have the reverse effect. Some employees are more likely to distract themselves by surfing the Web, social media applications, or taking care of personal business on their own devices than they are on company devices.
Managing Data Loss Risks
In deciding whether or not to adopt BYOD, focus on protecting your data and mitigating the risk of a data breach, it is recommended that you create a BYOD policy that includes:
- Installing remote wiping software on the employee’s personal device in case the device is lost or stolen. Inform employees that remote wiping may cause their personal data, such as pictures and contacts, to also be erased.
- Educating and training employees on how to safeguard company data when they access it from their own devices.
- Informing employees about the protocol to follow in case their devices are lost or stolen.
BYOD Policy Tips
Balancing the risks while keeping employees happy can a challenge. Many businesses make the mistake of adopting BYOD without putting a formal policy in place, increasing the chances of BYOD abuse.
Work with your IT Manager to incorporate effective security and data loss risk mitigation into your policy. You may also want to consult your legal and HR advisors to add disclaimers, such as confiscating or being provided with access to employee-owned devices in case of litigation.
Once the BYOD policy is in place, it is important to inform your employees about which personal devices your company will and will not support.
Educate new and existing employees about the importance of IT security and protecting company data on their devices. Working on a personal device should be no different to working on a company computer and responsibility to protect company and client data is equally important.
Starting a business or reviewing your cover?
We would be pleased to provide a FREE consultation and review of your Business Insurance and can compare products, public and professional liability insurance from the UK’s leading business insurers in minutes.