Contact us on

020 7611 4848

email us

Sub-menu

Arrange a Callback

Ask a Question

Do You Have a Bring Your Own Device (BYOD) Policy?

Tuesday, 16 July 2013

A recent YouGov survey revealed that around 47% of British employees use their personal devices for work. At the same time, it found that less than a quarter of businesses have formal Bring Your Own Device (BYOD) policies in place.

Formal BYOD schemes appear to offer excellent opportunities for businesses to reduce costs on company laptops or mobile phones but it also exposes them to a number of risks.

Whether your business has a formal BYOD scheme in place or not, the proliferation of cloud computing, virtual private networks and smart technology means employees are increasingly likely to access corporate systems on personal devices. Managers should understand the risks.

Company Compliance with the Data Protection Act

Under the Data Protection Act (DPA) a company is responsible for the personal data it holds even when accessed by employees via a personal device. Therefore, it must still offer similar levels of security as it does for its own equipment, for example, by encrypting the organisation's personal data. The DPA also imposes other duties on the data which may be onerous to comply with on personal devices, such as keeping information up to date.

Although there are no cases of individuals or organisations being fined after losing corporate personal data held on personal devices, a recent £150,000 fine handed to the Nursing and Midwifery Council should serve as a warning. It lost three DVDs holding unencrypted personal data; DVD’s can hold far less information than personal devices.

Wider BYOD Issues

If a company is unaware of its employees’ use of personal devices for work, it is likely to be failing various compliance obligations under the DPA.

For formal BYOD schemes, educating employees on the legislative requirements, enforcing compliance with company policy and introducing specialised BYOD software will restrict their use of their own devices and may not be popular. It may also diminish many of the cost gains and staff might be less keen to use their own devices once they are taught and shown the controls that are necessary to keep data safe. The morale and flexibility benefits BYOD schemes offer may well be lost.

Another downside is the threat of cyber-attacks. As BYOD has boomed, cyber criminals have targeted mobile devices. Indeed the The EU’s European Network and Information Security Agency described the rise of BYOD as one of the reasons for the “exponential increase in threats” in mobile computing.

Conclusion

Ignoring the BYOD phenomenon is no longer an option. All businesses need to be aware of BYOD and have a strategy to manage the risks. Any organisation considering a formal BYOD scheme should think carefully about whether the benefits are worth the potential downsides. It should also create and implement strict guidelines which the employees are made aware of and understand, and deploy the necessary software to ensure security. For more information please contact us on 0207 611 4848.

No comments:

Post a Comment