As smartphones, laptops and tablets become ever more important in business, small businesses are becoming less likely to supply them to employees. A recent Sage SMB Survey on Mobile Devices found that 54 percent of small business respondents bought mobile devices for workers. That sounds like a lot until compared to the 2013 survey, which found 69 percent of small firms provided company-owned mobile devices. Clearly, Bring Your Own Device (BYOD) policies are on the rise.
“Business owners like BYOD because it reduces the cost of buying, securing and supporting mobile devices while maintaining the ability to flexibly respond to customers,” says Sarah Lahav, CEO of Tel Aviv, Israel-based help desk software maker SysAid Technologies.
However, when employers don’t budget to hire IT staff to protect company data from BYOD vulnerabilities or to advise employees how to use them, BYOD brings security and support problems that neither small firms nor individual employees are well-equipped to handle. Sensitive data may be exposed in an unsecured employee smartphone, or a customer won’t be served because an employee can’t figure out how to use his or her new tablet to pull up price quotes. “It’s a complete headache,” Lahav says.
It’s also a headache that many small business owners prefer to ignore.
Enter IT consultants and advisors who can advise small business owners on instituting sound safe and secure BYOD policies.
1. Encourage business owners to embrace BYOD for its benefits rather than trying to prohibit it.
“If you go to any convention where BYOD is being dealt with or spoken of, the initial response is to ban them,” Lahav says. “But realistically, you can’t.” For instance, 96 percent of employees check e-mail using mobile devices, according to the study by Sage, an Irvine, California-based business management software firm. And there is no practical way for employers to stop workers from using personal devices to email through web-based services such as Gmail.
2. Be realistic about security and support.
Realize that BYOD users won’t be as effective as in-house or out-sourced experts when it comes to securing and maintaining their devices. “You can say ‘bring your own support,’” Lahav says.
“But that’s not recommended. It still keeps the security hazard out there.
In addition to lax security, Lahav adds, you’ll find that self-supported users aren’t likely to be able to connect to company networks or otherwise use their devices as effectively for business purposes compared to those with more support.
3. Tap into natural social support.
Employees possess significant collective expertise as day-day users of their own devices, Lahav notes. Have employees who carry similar smartphones, tablets or other devices talk to each other to help solve security and use problems. “Those people can help one another, although IT is not the core of their business,” she says.
4. Enforce sensible BYOD standards.
A good start is to require all BYOD employees to use the same operating system, such as Android or iOS. “That enables you to support some kind of app standard and test them to make sure they work,” Lahav says.
5. Require some security on BYODs.
JD Sherry, vice president of technology and solutions for Tokyo-based Trend Micro, suggests that personal smartphones that are used to tap company networks be required to carry security software that can detect and deter malware that could steal login information or other sensitive data. “That has to happen to make the small biz owner feel comfortable,” Sherry says.
At minimum, small businesses should understand that, if BYOD doesn’t present security problems now, it will soon. “Reality is that cyber-criminals are fully migrating to mobile device platforms,” says Sherry. That means that all the security and support problems that have plagued desktop business systems are or will soon be found on personal devices used to access business data. That means something has to be done. And fortunately, it can be, as long as small business owners are talked to about it in ways they can understand.