Minimizing the Cyber Risks of BYOD
More and more employees are using their own tablets, smartphones, or other devices in a work environment, whether at the office, on the road, or at home. With the popularity of Bring Your Own Device (BYOD), IT security and the risk to sensitive business information are of great concern to organizations that are looking to minimize the exposures posed by BYOD, such as data loss or hacking attacks.
The following are several best practices companies should follow to take full advantage of BYOD while also reducing their cyber risks:
- Implement an effective BYOD policy. An organization should draft a clear BYOD policy that spells out what staff members can and cannot do on their personal gadgets. However, having highly restrictive policies in place to safeguard sensitive information may be discouraging and counterproductive. Employers should focus on involving key stakeholders and respecting employee privacy while at the same time taking a proactive approach in formulating a secure policy.
- Involve stakeholders and encourage employees. A strong BYOD policy is ineffective if employees don’t understand it, or choose to ignore it. Ensuring the staff understands what they should and should not do with a device containing corporate data is crucial. Invite a broad spectrum of stakeholders, including HR and the compliance department, to the table when discussing how to implement enterprise BYOD policies and standards.
- Have a contingency plan. Smartphones fail, tablets get damaged, and Internet services go down. Businesses should have a backup plan should an employee’s device be compromised. This means having the ability to remotely wipe the device clean of corporate data if a personally owned device is lost or stolen in order to prevent that information from falling into the wrong hands. Additionally, businesses should regularly test their backup plans.
- Know the legal ramifications. When dealing with BYOD data, there will be a number of regulations with which businesses must comply. It’s important to remember that responsibility for the information will still rest with the company and not the owner of the device.
- Address privacy concerns. Privacy plays a key role when it comes to BYOD. A recent Harris Interactive survey found that 82% of users are extremely concerned about employers tracking their online activity, and nearly 9 out of 10 are similarly cautious about their employers deleting their data. These potentially stringent measures often lead to BYOD failure. Therefore, an IT department should ensure that any time information on an employee’s device is accessed, it is done with his or her knowledge and agreement.
In addition to having a robust BYOD security policy, ensuring the right Cyber Liability insurance solution is in place is critical for an organization. Not only will clients have the coverage required to respond in the event of a cyber occurrence, but they will also have access to the expertise that comes with a Cyber policy regarding notification regulations and the resources for forensic accounting, reputational damage, and more. Caitlin Morgan specializes in Cyber insurance coverage and can assist you with designing a policy to address your clients' needs. Give us a call at 877.226.1027.