BYOD or Bring your Own device refers to the policy of permitting employees to bring personally owned mobile devices (laptops, tablets, and smart phones) to their workplace, and to use those devices to access privileged company information and applications. The phenomenon is commonly referred to as IT consumerization. The term is also used to describe the same practice applied to students using personally owned devices in education settings.
The term BYOD was introduced in 2009 by Intel when they noticed the tendency of using own mobile devices among the employees in their corporate work.
Importance of BYOD
Due to the rapid increase of mobile devices it is assumed that within next five years the total number of devices will be around 10 billion that means 1.5 devices per head. As the personal mobile devices are integrated part of our lives, employees want to use their own devices in personal as well as corporate purpose also.
In the current economic model, when a company wants their employees to be more productive, BYOD is a useful and attractive option and will increase the productivity on a large scale if it safely used.
Survey Reports on BYOD
There are lots of surveys have been done by all the big IT companies as BYOD is playing a very important role in the market.
· 75% of employees in high-growth markets such as Brazil and Russia and 44% in developed markets already using their own technology at work.
· 95% of employees stating they use at least one personal device for work.
· 44% of job seekers view an organization more positively if it supports their device.
· IBM says that 82% of employees think that smartphones play a critical role in business.
Security Problem With BYOD
1. Security of data: As the employees carry the important data with them in a flash drive or laptop outside the company. So if the employees are not trustable, it is possible that they will supply the details to other company. Now this is not a technical issue. So it cannot be solved in that way.
2. Lost and stolen devices: Millions of cell phones and smartphones are lost or stolen every year. It is thought that approximately 22% of the total number of mobile devices produced will be lost or stolen during their lifetime, and over 50% of these will never be recovered. Most devices are stolen for the value of the hardware on the second-hand market; however, a growing amount of lost and stolen phones have their content accessed by someone other than their owners. This highlights the importance of basic security features such as password protection, encryption and robust procedures to wipe the device once lost.
3. Unknown Mobile App download: Almost every app takes some permission from the owner to access some features or hardware to run properly. But it is seen that there are millions of apps from unknown or un-trustable develops who misuse the permissions and information taken from mobile or tablet. It is observed that sometimes a simple torch application takes permission to read contacts or SD card etc. These apps are simply fishy. If the personal mobile phones which are used in offices contains these types of applications, it may cause a huge data loss.
4. Malware download: Almost every organization uses legal licensed operating system, software in PC or Laptop. But maximum users depend on the free software or the cracked or pirated version of the software in their personal devices. This kind of pirated softwares are generally developed by hackers to gain the access of our computer. Not only that, these customized softwares are undetectable by antivirus, it also damage and destroy the operating systems. The risk becomes high as they also use pirated antivirus which cannot update its own database.
5. Other network connection: The devices of companies are only can be used in the office network which is generally protected by good and original software and hardware firewall and the network is also monitored by some network security experts continuously but in the case of BYOD all the devices are used in public places and home. These networks are not at all secure and hackers can hack the laptops or mobile easily when they connect to these networks.
6. Enabling Security features of OS: The most popular OS on the planet are Windows, Linux and MAC. Three of them have lots of inbuilt security features which we have to manually activate. The firewall also can be customized to get maximum protection. In any office, these tasks are performed by experts in every computer. But most of the employees don’t know the activation process and they use the default settings which activates only 25% of the overall security provided by the OS Company.
7. Less use of encryption: Employees generally do not use encryption to protect their data. As a result, if devices are lost or somehow hackers manage to gain the access of PC or mobile they can easily read and use the data. But if they use proper encryption, they can protect the secret information of their organization.
Secure Your Device
There are lots of steps that can be taken to protect all these devices.
1. Cyber Security Education: The main and most important step is spreading cyber security education among the employees and awareness about securities. Most of the people are careless about security and they don’t know the basic things about security and what they should do and they should not. That is why they sometimes click on some malicious link sent by unknown people or download from unsecure websites.
2. Using Licensed software: Using licensed software is an important step to BYOD security. As most of free software are developed by bad people it is a better practice to use original OS and software.
3. Using security software: Employees can use SANDBOX to run fishy software to protect a system from malware. They should also use the original updated version of good antivirus to get the basic security.
4. Using VPN: Using virtual private network is a very good step to communicate through a secure channel.
5. Customize firewall and Other Security: Employees should contact security experts to enable maximum security and activate all features of firewall.
6. Avoiding public Internet connection: It is better to avoid public open wifi and insecure network to access internet for the safety of data of the organization.
7. Using Encryption: Employees should use proper encryption before storing their data and sending through the internet so that man-in-middle attack cannot occur.
8. Mobile phone safety: It is recommended not to download any unknown app into mobile and use some safety app to detect the fishy and insecure application.
By leveraging industry leading practices, integrating a thoughtful BYOD policy and adopting strategies that are flexible and scalable, organizations will be better equipped to deal with incoming (sometimes unforeseen) challenges to their security infrastructure posed by the use of employees’ own devices. The introduction of appropriate procedures and regular testing will help organizations become smarter and make their employees more aware of the challenges that the use of personal devices pose for the entire enterprise.
The last thing is that an organization’s first and last defense against security breach is its own employees. Training employees on good security practices offer the most bang for the buck. It is the best and beautiful way to increase productivity using BYOD.