Sunday 28 February 2016

Bring your own device - and don’t lose data



Working from home and being able to take work out of the office makes working life easier but can be a nightmare for data privacy. With an estimated 56 per cent of employees reporting that they either very frequently or frequently stored sensitive data on their laptops, smartphones, tablets, and other mobile devices, the chances of confidential information getting lost or into the wrong hands are very high. 

Bring-Your-Own-Device (BYOD) is part of the modern workplace. It’s becoming more and more normal for business information to be stored in or accessed by devices that are not fully controlled by IT administrators, and the possibility of data breaches caused by personal devices that aren’t properly protected is also on the rise. 

Protecting business information on mobile devices can be as simple as encrypting files and/or password-protecting the device. It won’t stop devices being lost, but IT admin will be able to selectively remove sensitive encrypted data, and the chances of someone using stolen information maliciously are much smaller if it’s not possible to get straight into any files that may be sensitive. The issue is clouded, however, when the device actually belongs to the employee and not the business.

Most businesses think nothing of allowing employees to use their own devices to access email, office calendars and contacts, and a strong BYOD policy is vital if company information is accessible on the go, via personal devices. 

Which devices are allowed?
It’s up to you to set the boundaries and specify what’s acceptable. If you only want to support employees’ personal Android devices and not iPhones or iPads, or vice versa, make that policy and stick to it. 

Enforce strict security rules
People don’t like having complicated passwords and lock screens - they get in the way of fast access to their devices, and longer, more effective passwords are also easier to forget. If they are using their own mobile devices for work, however, you can’t afford to leave them on a swipe-and-go setting. If your staff members want to be able to use their own gadgets for work too, they will just have to accept that they need to use a complex password to access them.

Banning apps
This also applies to corporate devices - social media browsing apps, email applications and VPNs or other remote-access software need careful consideration when you’re formulating a data protection policy. Although the devices are people’s own, they will have to consider business needs if they want the convenience of using them for work, and that includes not using apps or settings that could potentially compromise data security.

Businesses also need to consider what could happen if an employee leaves the company - you will need an agreed policy in place allowing you to remove any access tokens, e-mail, data and other access permissions.

Does your organisation have a BYOD policy? Do you have permission from your employees to delete information from their personal devices remotely when they leave, or if a device is lost or stolen? What safeguards are in place to ensure that staff don’t store sensitive information remotely? If you need advice on setting BYOD policies that keep your sensitive data safe, contact me and I will be delighted to provide you with guidance and advice.

