Turns out there are freakishly high numbers of people letting their employees loose into the world of bring your own device (BYOD) without any strategy in place – so today we’ve got more industry insight from our pals over at Gartner on how to take your work with you, safely!
As the next generation of workers shuffles onto the horizon, tablets in hand and data in the cloud, we can’t take the same ‘it’ll be fine’ approach toward BYOD that we used to. On the one hand, it’s convenient; on the other, letting employees go on safari with their tech, when that tech holds business data, might be wobbling a little far into the wild side.
According to Leif Olof Wallin, one of the fab Gartner experts, 90% of his clients have some form of BYOD scheme. Unfortunately, “that doesn’t necessarily mean that they’ve formalised it and have all the tools in place to manage it.
“They admit to managers using their own personal MacBook Airs, people in marketing running around with their own personal iPads. Only about 50% have the tools, processes and technology in place to safely manage [BYOD].”
So actually it’s not so much the tech, it’s how you use it: to make BYOD safe you need a strong policy and employee training.
As Leif suggests: “The basic stuff is to make sure that you have a reasonable policy in place to ensure that the device is protected by a passcode, a policy for passcode complexity – my security colleagues recommend the minimum of 8 characters and a mix of alpha and numeric – and [ensuring] that the device is able to be remotely wiped if it’s lost, stolen, or compromised.
“Almost all of my clients also have zero tolerance against devices that have been tampered with – [that are] not running an official version of the operating system. Encryption of data is another requirement that’s very usual among my clients.”
Although Leif’s clients might love a good bit of encryption, in business as a whole, education needs to be better. When we asked Leif if he thought businesses were educating employees enough on BYOD and good practice, he responded:
“Most of my clients, no.
“These devices can hold filing cabinets’ worth of information, but it tends to be the traditional mistakes [that cause leaks].
“We believe that it’s important to have awareness training, but also repetitive awareness training. [Businesses] have elaborate processes when someone leaves the company, but with a BYOD programme people take old devices out and new ones in typically every 9-12 months. So you have to sanitise the devices going out, and remind people of what’s in the BYOD contract.”
At the end of the day, a personal mobile used to access sensitive business information puts any company at risk if the phone is lost or stolen; it turns out that one of the biggest problems is employees losing devices on public transport – and, as anyone who’s watched a taxi drive off with their phone in the backseat knows, it happens to the best of us. But when you could get in serious trouble at work because of a backseat blunder, there need to be protocols in place to deal with the situation; protocols that go above the usual ‘cry for a minute in a Costa’s toilet and then start a Facebook group asking people for their numbers’ strategy.
For example, make sure that employees know where they should be keeping which bits of data: “Most of my clients get very nervous if employees would use non-corporate versions of cloud services to store corporate information,” Leif confessed.
“As long as you provide them with a good corporate solution, most employees don’t really want to violate security. The problem is if you don’t recognise that they have a legitimate need to replicate information between their different devices, that’s when they start to get creative and start experimenting with Dropbox and Google Drive and other consumer-grade stuff.”
So, according to the Gartner Guys, as long as you have good policies, processes, and products in place, BYOD security doesn’t have to be a shot in the dark. Now go forth and BYOD – just make sure to keep an eye on that backseat…