What else are your employees packing besides their lunches? It’s a Bring Your Own Device (BYOD) world for many small businesses. Which can be advantageous, but BYOD raises a number of data protection concerns since the device is owned by your employee rather than your company/data controller. Has your company thought about the risks of BYOD? The article "How to integrate BYOD into a small business" from Tech Radar outlines steps to develop your business' BYOD policy and securely integrate BYOD across your company:
BYOD offers substantial benefits, but also security worries.
The BYOD or Bring Your Own Device phenomenon has been gaining pace, especially after Apple's iPad was released. As a small business owner BYOD can be something of a double-edged sword in that the benefits can be great, but security concerns can be worrying.
According to Ovum, BYOD is being used by all businesses, but often without any clear security policy in place. Adrian Drury, consulting director at Ovum, said: "The big consumerization challenge for IT is that you are in a competitive market now; people had to use what you gave them because there wasn't any other choice. That, of course, has all changed. If you're not being given the tools you need to get your job done, you'll go and find a way around that."
What's more, research from TrackVia reveals that the millennial generation that make up a large proportion of small business employees have little regard for business security, with 70% of those polled admitting they brought applications that were not authorized by their employers into the business to help with their work. And half use their own apps because those supplied by their businesses don't meet their needs.
There is, however, a change in attitude towards the use of BYOD that IDC has identified. Research director Chris Chute said: "Small businesses have seen the most growth in BYOD device uptake and have responded by implementing policies that govern how those devices are used.
This is a marked change from only a year ago when close to half of small firms cited having a zero-access BYOD stance. Now, with the availability of hosted software and easy-to-implement mobile solutions, SMB IT managers feel much more comfortable allowing personal devices access to internal IT resources."
Clearly few small businesses can avoid using BYOD across their organizations, as their employees may already be adopting a BYOD approach to their work. Your business can't ignore BYOD. Taking the time to develop a detailed implementation plan that includes how security will be managed is how small business owners can fully leverage what BYOD has to offer.
Integrating BYOD into your business will require a clear understanding of what you want BYOD to bring to your enterprise. Follow these steps to develop your business' BYOD policy and securely integrate BYOD across your company:
Take a BYOD audit
Before any integration or policy making can take place, your business needs to know how widespread BYOD already is. Assess which devices are in use, and which apps. More importantly, ask what motivates your employees to use BYOD over business-supplied devices.
Data storage and access
Your business already knows its responsibilities to comply with the Data Protection Act (DPA). BYOD also needs to be considered in this context. The Information Commissioner's Office (ICO) has published guidance that your business should follow to ensure it fully complies with the Act when rolling out BYOD policies.
The core advice from the ICO is: "BYOD raises a number of data protection concerns due to the fact that the device is owned by the user rather than the data controller. However, it is crucial that as data controller you ensure that all processing for personal data which is under your control remains in compliance with the DPA. Particularly in the event of a data security breach, you must be able to demonstrate that you have secured, controlled or deleted all personal data on a particular device."
Just as your business carries out risk assessments for health and safety reasons, a risk assessment for BYOD is vital before these devices are integrated into your enterprise.
Inside and out
BYOD blurs the lines between the use of business technology and the personal devices that employees own. It is critical to assess where personal and business operations lie to develop a BYOD policy that will be accepted by all. Assess the data silos your business uses, and ask how much access a BYOD device should have?
The power of mobile digital technologies is their ability to connect to data sources at any time. As part of your business' BYOD integration, it is vital to assess how these connections are made. Using VPN (Virtual Private Network) and encryption is important when implementing a BYOD policy.
Because BYOD will include a mixture of personal and business information, who in your business has control of these devices needs to be considered. Devices are easily lost or stolen, so some form of remote data wiping will be needed if your business is allowing sensitive information to be stored on the devices used within your BYOD network.
The average smartphone user will have dozens of apps on their phones, which they are constantly updating. Integrating BYOD into your business will require a policy that governs which apps are allowed and which are not. Security is paramount here, as consumer apps won't have the robust security protocols that your business needs to ensure each device can be used securely.
A BYOD future
Successful BYOD integration is founded on a deep understanding of what motivates a workforce to use their own devices, and how this drive can be supported and leveraged with user and security policies. It is a fine balance to allow BYOD to be used across your enterprise, yet have the security safeguards in place that protect the data being manipulated.
There is little doubt that the use of mobile digital devices will continue to proliferate across the small business environment. The gains and benefits that BYOD brings are manifold, but small business owners should take the time to understand how BYOD can be integrated into their business, and ensure all stakeholders are supported with a detailed BYOD policy.