As smartphones, laptops, and tablets become more engrained in our society their impact on small businesses has increased. In fact, most of your employees probably own a smartphone and prefer to use it over a company phone.
In response to this growing trend, a recent survey found that 59% of organizations have Bring Your Own Device (BYOD) policies in place with another 13% planning to implement a policy in the future. This means, that as an IT consultant or advisor you may want to advise small business owners on instituting a secure (BYOD) policy, to help protect their business. To get started, you can consider these four tips.
1. Encourage business owners to embrace BYOD for its benefits rather than trying to prohibit it.
“If you go to any convention where BYOD is being dealt with or spoken of, the initial response is to ban them,” Sarah Lahav, CEO of Tel Aviv, an Israel-based help desk software maker says. “But realistically, you can’t.” For instance, 96 percent of employees check e-mail using mobile devices, according to the study by Sage, an Irvine, California-based business management software firm. And there is no practical way for employers to stop workers from using personal devices to email through web-based services such as Gmail.
However, BYOD policies do not have to be bad for business. “Business owners like BYOD because it reduces the cost of buying, securing, and supporting mobile devices while maintaining the ability to flexibly respond to customers,” says Lahav.
With this in mind, you may want to consider the potential benefits of BYOD policies even closer. Some benefits include:
- Increased worker satisfaction. Employees like using devices they’re used to, know how to work, and prefer.
- Saving money. Employees pay for their own devices and the maintenance that goes along with them.
- Increased productivity. Employees are used to their own devices and therefore will be more productive when using them.
- Less IT involvement. Having employees take care of their own device’s maintenance, will require less involvement and work from the information technology’s (IT) department. This can help to increase the IT department’s productivity.
- Increased employee engagement. When employees use their own mobile devices, they are more likely to work outside the office. They are also more likely to engage with each other outside of the office, which increases productivity and employee relations.
2. Be realistic about security and support.
Realize that BYOD users won’t be as effective as in-house or out-sourced experts when it comes to securing and maintaining their devices. “You can say ‘bring your own support,'” Lahav says. “But that’s not recommended. It still keeps the security hazard out there.
In addition to lax security, Lahav adds, you’ll find that self-supported users aren’t likely to be able to connect to company networks or otherwise use their devices as effectively for business purposes compared to those with more support.
However, when employers don’t budget to protect company data from BYOD vulnerabilities or to advise employees how to use them, BYOD brings security and support problems that neither small firms nor individual employees are well-equipped to handle. Sensitive data may be exposed in an unsecured employee smartphone, or a customer won’t be served because an employee can’t figure out how to use his or her new tablet to pull up price quotes. “It’s a complete headache,” Lahav says. It’s also a headache that many small business owners prefer to ignore.
Security threats you may face with a BYOD policy are:
- Unsecured wireless networks. When employees use their mobile devices outside of work in an unsecure wireless network, security breaches may occur.
- Data leakage. Mobile devices and tablets are vulnerable to security attacks, especially when used on unsecure networks. BYOD policies allow important company information to travel with employees, increasing vulnerability.
- Malware. This can be installed unknowingly onto a person’s device threatening the security of your company’s important information.
- Stolen or lost devices. To be prepared in the event of a stolen or lost device, you’ll want to safeguard all information. One way of doing this is by using encryption tactics. Encryption involves turning data into code, to help keep it secure. Those with unauthorized access will not be able to access the code. This can ultimately decrease security threats and breaches in small businesses.
Educating employees on how to protect their devices will decrease the total number of threats to security your business encounters. Employees should secure their devices by:
- Using strong passwords.
- Ensuring they use protected and secure Wi-Fi connections.
- Encrypting their device.
- Installing antivirus software.
- Backing up their data regularly.
- Keeping your device updated.
3. Tap into natural social support.
Employees possess significant collective expertise as day-to-day users of their own devices, Lahav notes. Have employees who carry similar smartphones, tablets, or other devices talk to each other to help solve security and use problems. “Those people can help one another, although IT is not the core of their business,” she says.
You can work with your IT Department or consultants to establish your policy. When crafting your policy be sure to:
- Specify what devices are permitted. For instance, you will want to decide if mobile devices, laptops or iPads are allowed as well as other devices.
- Lay down a security policy. Security policies can include requirements about what Wi-Fi networks you can connect to and where you can connect to them. It can also outline where data from BYOD devices is stored and what software is required.
- Outline that you own the personal information stored on the servers that employee’s access with their devices. This can come up when a phone needs to be wiped and there are personal pictures and other data included on the phone.
- Ban certain apps. Apps that don’t align with your policies should be banned and communicated to employees. Apps that are frequently banned in the office include Dropbox and Google+.
- Establish an employee exit strategy. This will outline the removal of access tokens, email access, data, and other proprietary applications and information when an employee leaves the company.
4. Require some security on BYODs.
JD Sherry, vice president of technology and solutions for Tokyo-based Trend Micro, suggests that personal smartphones that are used to tap company networks be required to carry security software that can detect and deter malware that could steal login information or other sensitive data. “That has to happen to make the small biz owner feel comfortable,” Sherry says.
For Androids, security software apps that are successful at detecting malware include:
- Trend Micro Mobile Security and Antivirus
- Avast Mobile Security
- Avira Antivirus Security for Android
For iPhones, you can use:
- Avira Mobile Security
- Mobile Security and Anti-Theft Protection for iPhone
- Lookout Security & Identify Protection
Security tips for BYOD policies include:
- Secure access controls with passwords. This is a fundamental and basic step to securing any device. Make sure that your passwords are unique and difficult to crack.
- Secure your wireless network. Your employees should only use secured and trusted wireless networks. In addition, to this you can set up notifications for users when they enter a new network. This way they won’t connect to any unsecure networks unknowingly.
- Control access. Your IT and security departments can enable access control features. These will control access and app permissions. This allows the app to access only what is needed to function and nothing extra.
- Back up device data. This helps protect you from security breaches and threats. This is also useful when an employee’s phone is lost or stolen.
- Run antivirus software. Your apps should be protected with antivirus software. This software detects and removes malicious or harmful malware that can breach security.
At minimum, small businesses should understand that, if BYOD doesn’t present security problems now, it will soon. “Reality is that cyber-criminals are fully migrating to mobile device platforms,” says Sherry. That means that all the security and support problems that have plagued desktop business systems are or will soon be found on personal devices used to access business data. That means something has to be done. And fortunately, it can be, as long as small business owners are talked to about it in ways they can understand.