As smartphones, laptops, and tablets become more engrained in our society their impact on small businesses has increased. In fact, most of your employees probably own a smartphone or other personal devices and prefer to use them over a company phone.
In response to this growing trend, a recent survey found that 59% of organizations have Bring Your Own Device (BYOD) policies in place with another 13% planning to implement a BYOD policy in the future. This means that as an IT consultant or advisor you may want to advise BYOD for small business owners to help protect their business. To get started, you can consider these four tips for starting a BYOD policy.
1. Encourage business owners to embrace BYOD business benefits rather than trying to prohibit a BYOD policy.
“If you go to any convention where BYOD is being dealt with or spoken of, the initial response is to ban them,” Sarah Lahav, CEO of Tel Aviv, an Israel-based help desk software maker says. “But realistically, you can’t.” For instance, 96 percent of employees check e-mail using mobile devices during work hours, according to the study by Sage, an Irvine, California-based business management software firm. And there is no practical way for employers to stop workers from using personal devices to email through web-based services such as Gmail, even if those emails contain corporate data that pose security risks.
However, a BYOD policy does not have to be bad for business. “Business owners like BYOD because it reduces the cost of buying, securing, and supporting mobile devices while maintaining the ability to flexibly respond to customers,” says Lahav. MDM solutions (mobile device management) can be costly, whereas a BYOD laptop management program could save a small business thousands of dollars.
You may want to consider the potential benefits of a BYOD policy. Some BYOD business benefits include:
- Increased worker satisfaction. Employees like using devices they’re used to, know how to work, and prefer a familiar operating system.
- Saving money. Employees pay for their own devices and the maintenance that goes along with them when a BYOD for small business program is in place.
- Increased productivity. Employees are used to their own devices and therefore will be more productive when using them. Their personal data and settings may expedite workflow.
- Less IT involvement. Having a BYOD policy means employees take care of their own device’s maintenance, which requires less involvement and work from the information technology’s (IT) department. This can help to increase the IT department’s productivity.
- Increased employee engagement. When employees use their own mobile devices and management tools on personal computers, they are more likely to work outside the office. They are also more likely to engage with each other outside of the office, which increases productivity and employee relations.
2. Be realistic about security and support when it comes to a BYOD policy.
Realize that BYOD policy employees won’t be as effective as in-house or out-sourced experts when it comes to securing and maintaining their devices. This poses the risk of data loss during a hardware malfunction or in the case the employee decides to leave the company. “You can say ‘bring your own support,’” Lahav says. “But that’s not recommended. It still keeps the security hazard out there.”
In addition to lax security, Lahav adds, you’ll find that self-supported users on a BYOD policy aren’t likely to be able to connect to a company network or otherwise use their devices as effectively for business purposes compared to those with more support.
However, when employers don’t budget to protect company data from a BYOD policy’s vulnerabilities or advise employees how to use them, BYOD brings security and support problems that neither small firms nor individual employees are well-equipped to handle. Sensitive data may be exposed in an unsecured employee smartphone that isn’t password-protected, or a customer won’t be served because an employee can’t figure out how to use his or her new tablet to pull up price quotes. “It’s a complete headache,” Lahav says. It’s also a headache that many small business owners prefer to ignore.
Security threats you may face with a BYOD policy are:
- Unsecured wireless networks. When employees with a BYOD policy use their mobile devices outside of work in an unsecured wireless network, security breaches may occur, resulting in corporate data loss.
- Data leakage. Mobile devices and tablets are vulnerable to security attacks, especially when used on unsecured networks. BYOD policies allow important company information to travel with employees, increasing vulnerability.
- Malware. This can be installed unknowingly onto a person’s device threatening the security of your company’s important information.
- Stolen or lost devices. To be prepared in the event of a stolen or lost device that’s used on a BYOD policy, you’ll want to safeguard all information. One way of doing this is by using encryption tactics. Encryption involves turning data into code, to help keep it secure. Those with unauthorized access will not be able to access the code. This can ultimately decrease security threats and breaches, and increase BYOD business benefits.
Educating employees on how to protect their devices will decrease the total number of threats to your business. Employees should secure their devices by:
- Using strong passwords and having all devices be password protected.
- Ensuring they use protected and secure Wi-Fi connections.
- Encrypting their device.
- Installing antivirus software on their personal devices.
- Backing up their company data regularly.
- Keeping their device and operating system updated.
3. Tap into natural social support for more BYOD business benefits.
Employees possess significant collective expertise as day-to-day users of their own devices, Lahav notes. Have employees who carry similar smartphones, tablets, or other devices talk to each other to help solve security and use problems. “Those people can help one another, although IT is not the core of their business,” she says.
You can work with your IT department or consultants to establish your BYOD policy. When crafting your BYOD policy be sure to:
- Specify what devices are permitted on your BYOD policy. For instance, you will want to decide if mobile devices, laptops or iPads are allowed as well as other devices.
- Lay down a security policy. Security policies can include requirements about what Wi-Fi networks you can connect to and where you can connect to them. It can also outline where company data from BYOD devices is stored and what software is required.
- Outline that you own the personal information stored on the servers that employee’s access with their devices. This can come up when a phone needs to be wiped due to a breach or employee termination and there are personal pictures and other personal data included on the phone.
- Ban certain apps. Apps that don’t align with your BYOD policy should be banned and communicated to employees. Apps that are frequently banned in the office include Dropbox and Google+.
- Establish an employee exit strategy. This will outline the removal of access tokens, email access, company data, and other proprietary applications and information when an employee leaves the company or upon employee termination. You may want to include that you can remotely wipe a device if necessary.
4. Require some security on a BYOD policy.
JD Sherry, vice president of technology and solutions for Tokyo-based Trend Micro, suggests that personal smartphones that are used to tap company networks be required to carry security software that can detect and deter malware that could steal login information or other sensitive business data. “That has to happen to make the small biz owner feel comfortable,” Sherry says.
For Androids, security software apps that are successful at detecting malware include:
- Trend Micro Mobile Security and Antivirus
- Avast Mobile Security
- Avira Antivirus Security for Android
For iPhones, you can use:
- Avira Mobile Security
- Mobile Security and Anti-Theft Protection for iPhone
- Lookout Security & Identify Protection
Security tips for a BYOD for small business policy
- Secure access controls with strong passwords. This is a fundamental and basic step to securing any device. Make sure that your passwords are unique and difficult to crack.
- Secure your wireless network. Your employees should only use secured and trusted wireless networks. In addition to this, you can set up notifications for users when they enter a new network. This way they won’t connect to any unsecured networks unknowingly.
- Control access. Your IT and security departments can enable access control features. These will control access and app permissions. This allows the app to access only what is needed to function and nothing extra.
- Back up device data. This helps protect you from security breaches and threats. This is also useful when an employee’s phone is lost or stolen, in order to prevent data loss.
- Run antivirus software. Your apps should be protected with antivirus software. This software detects and removes malicious or harmful malware that can breach security.
At a minimum, small businesses should understand that if a BYOD policy doesn’t present security problems now, it will soon. “Reality is that cyber-criminals are fully migrating to mobile device platforms,” says Sherry. That means that all the security and support problems that have plagued desktop business systems are or will soon be found on personal devices used to access business data. That means something has to be done when implementing a BYOD policy. And fortunately, it can be, as long as small business owners are talked to about it in ways they can understand, so they can enjoy all the BYOD business benefits possible.