Smartphones, tablets small and large – they’re everywhere today, including the workplace. The bring your own device (BYOD) movement is now well established, and it’s offering organizations flexibility they didn’t have before. However, there can also be some drawbacks if policies aren’t put in place.
Employees are using their mobile devices for work and play, which can pose security issues. Breaches, which occur because a “door” was left open in a mobile device, are becoming more common. In the healthcare industry where privacy is highly regulated, fines are quite large. Consider a provider in Dallas that had to pay over $3.2 million in a privacy breach issue that was caused by an unencrypted and password-deficient mobile phone.
Beefing Up the Policy
BYOD policies help to keep organizations from falling victim to what can be a wide open door for hackers to breeze through. Policies take into account the various security risks and liabilities, as well as acceptable use, support, passwords and encryption.
Perhaps one of the biggest components of a BYOD policy is in regard to education and awareness. This involves everyone in the organization, from the newest on the team to top executives, because it only takes one person clicking on the wrong link or leaving their device unprotected to create a Trojan Horse scenario.
Also consider who has access to what data. Your policy should account for the various levels of sensitive materials your company stores, and address who should and shouldn’t be able to gain access to it and what your organization will do when data becomes compromised.
Some organizations have best practices set up regarding what devices can be on the company’s network. For example, personal devices like iPhones, iPads and BlackBerry and Android devices, which can be a threat to the security of the organization, must remain offline in the sense that they are not tied into the company’s network.
Best practices for some organizations include not giving various employees access to email on their phones, as this is where phishing scams do their damage.
Another best practice is to approach security from the point of view that considers the technology and applications within a device instead of the device itself. For example, cloud-based applications are fairly ubiquitous now, which means it’s less about the device and more about the virtual infrastructure and how it’s accessed.
At Truth Comm, we’re committed to assisting our clients with all the confusing telecom options out there. At the same time, we know our clients are also concerned about security. Contact us today and let’s talk about the needs that are unique to your organization.