use their own mobile devices in the digital workplace. But everyone in your organization — from employees to executives — is vulnerable when it comes to lost or stolen phones, tablets and other portable devices.
If you’re going to offer the option to bring-your-own-device (BYOD), you need to make sure that your organization is prepared to address document and content security concerns. At first, the stakes might not seem significant — until you have a problem on your hands. According to research by Gartner, unmanaged BYOD “can lead to loss of control, impact your network availability and cause data loss.”
There are three main security risks to consider:
- Device theft: Loss statistics for smartphones, tablets and laptops are “staggeringly high,” according to Gartner. In the United States, smartphone theft is soaring. A national survey by Consumer Reports found that thefts nearly doubled from 1.6 million in 2012 to 3.1 million in 2013, with another 1.4 million smartphones lost and never recovered.
- Data leaks: Since personal devices may be vulnerable to hackers and thieves, you need ways to make sure that company data is protected with encryption and eventually deleted according to your organization’s rules. This is a major concern for BYOD organizations, as the Consumer Reports survey found that approximately one-third of U.S. smartphone owners fail to take even the most basic measures to protect their phones and the data stored on them.
- Network security: Before you allow employees’ personal devices to connect to your company Wi-Fi or virtual private network (VPN), you need some way to verify the user’s identity and block access from devices that don’t meet your security standards.
In this environment, the key to securing your users’ personal devices is to manage how those devices are used in business activities. That means developing an information governance strategy for BYOD, implementing technology to manage access and providing guidance to users.
For example, a common best practice for BYOD is to establish the capability to remotely wipe a device. In case of a loss or a theft of a device, the company should be able to control what happens to business data and use remote access to force the deletion of specific information. But what information does this cover? What software capabilities do you need to support the policy? How should employees maintain their devices and report problems?
The solution is a collection of tools and techniques commonly known as “mobile device management,” or MDM. An MDM strategy ensures there’s a process and policy for BYOD and is a relatively new area of IT, emerging in the last five years. While Blackberry pioneered the use of MDM for phones, today’s system is a software platform that extends MDM capabilities to a wide range of phones, computers and tablets.
Anyone in your organization could lose a smartphone, or have it stolen. That’s why it’s critical to have control over any confidential information stored on a user’s smartphone, such as emails, documents, passwords and other user data.
To learn how to secure your business data on mobile devices, download our free e-book, “Ensuring Document Security In A BYOD Workplace.”
Contributor: Daniel Cohen-Dumani, Founder and CEO at Portal Solutions
