It used to happen all the time. People actually carried a work phone and a personal phone. There used to be a real cost to how companies and their employees used their digital devices. Now, with inexpensive and unlimited use cellular plans, the financial concerns of using a personal device for work have gone by the wayside.
More and more companies are becoming comfortable with employees connecting their digital devices (bring your own device – BYOD) to the corporate network. This change has happened because of three main reasons:
- Data has become inexpensive;
- Cost of phones have skyrocketed; and
- It is inconvenient to carry multiple digital devices; the reality is, one phone or tablet is often more than enough to get the job done.
Allowing employees to use their personal devices has more than just a financial upside. Employees that are allowed to use their personal devices are often more accessible, productive and don’t require any training on how to properly use their device. BYOD leads to happier employees and a measurable benefit to the business.
That said, the ease and convenience of allowing employees to use personal devices comes with a few downsides. Employers should understand the risks of allowing their employees to use their own devices. Generally speaking, there are five major concerns for employers:
- A device can be lost or stolen;
- A delay in replacing a damaged or broken device;
- An employee exits the organization;
- Security updates go uninstalled; and
- Connecting to unsecured WIFI
To that end, there are very real risks to your corporate data, especially in today’s world where not everyone works in the office all the time. Security professionals should insist on developing strict BYOD guidelines specifying on how personal digital devices will be used for work.
That said, important questions to consider when outlining BYOD policies include:
- What regulations must be adhered to when using employee devices?
- What measures will be taken for securing devices prior to use?
- Where will data from BYOD devices be stored (locally, in the cloud)?
- Types of privacy granted to employees using their own devices?
- Kinds of support the organization will provide for BYOD users?
- Safeguards in place if a device is compromised?
- What methods will be used for securing devices before they are retired, sold, or disposed of?
Their Mobile Devices vs Your Network: BYOD Security
These guidelines don’t have to be overly cumbersome if you include Zimperium’s zIPS, the world’s first mobile intrusion prevention system app that provides comprehensive protection for iOS and Android devices against mobile network, device and application cyber-attacks.
- IT won’t need to monitor personal devices, meaning that the user’s personal information remains private;
- There is no longer a need to outlaw jailbroken devices or specific applications allowing device owners to use their devices as they see fit all while not compromising the corporate network; and
- Employees no longer need to grant their company rights to make changes to their digital device.
That said, even with zIPS:
- Employers still need a strong policy on how to manage any data stored on an employee’s digital device when they prepare to exit the company;
- Employers should still require strong password and security features be enabled on digital devices that will connect to their networks; and
- Encryption for truly sensitive data should always be a consideration both for when the data is in transit and at rest.
Leave your employees to their own devices. zIPS accommodates the human factor. We secure iOS and Android devices in real time without compromising the user experience or violating a user’s privacy.
The post BYOD Security | Employee Mobile Devices vs Your Network appeared first on Zimperium Mobile Security Blog.