Staff must be trained to handle BYOD policies

BYOD policies continue to put networks at risk

With bring your own device (BYOD), employees can, within reason, use the device they truly want. Windows Phone fans can go with a Nokia Lumia, Apple fans an iPhone, while Google lovers can opt for one of the myriad Android devices on the market.

On the tablet side, one can go with an iPad, a Kindle Fire or another Android tablet, or Windows tablets like the Surface. However, all this personal choice comes at a cost. And with the rise of BYOD, these costs are going up.

BYOD concerns fall into four major categories:

  • Security (including Wi-Fi exploits)
  • Bandwidth Abuse
  • Data Leakage
  • Support/Help Desk Headaches

BYOD remains relatively uncharted IT territory. Combine BYOD unknowns with Wi-Fi uncertainties and you could have real security problems, as the results of a GFI Software survey amongst 1,000 workers in the UK revealed.

Running risks

A staggering 100% of those queried said they use open public Wi-Fi for work activities – and much of this access is from personal devices that likely have a lower level of installed or enabled security than company-issued machines.

Furthermore, 20% of mobile devices have no security enabled, while just 5% have corporate security policies enforced on their devices. While public Wi-Fi presents major security concerns, corporate Wi-Fi presents both security and bandwidth challenges.

More devices on the network means more casual bandwidth being consumed. This can have serious productivity implications. A network saturated with BYOD traffic slows to a crawl when trying to serve business needs.

A BYOD environment consists of different machines and operating systems, all of which have to be as well protected as company-owned assets. That means they need to be safe from malware, run up-to-date system software including fixes, and be regularly monitored, with IT able to take action if the device is stolen, lost or otherwise compromised.

Employers must take initiative

That said, you can have all the best mobile device security and management tools in the world, but without a clear policy and training, it may all be for nothing. Companies with serious security restrictions may opt not to allow BYOD, but most businesses are better served by allowing some BYOD use.

Not letting employees use their own devices can be a real morale killer. Doing BYOD right means having a policy, training users on it, and sticking to it. A well-designed and implemented policy can help mitigate these issues:

  • Hacker access to a network
  • Infecting a network with viruses and malware
  • Failing to follow compliance regulations, opening a firm up to fines and lawsuits
  • Data theft and improper distribution of confidential information
  • Misuse of BYOD creating help desk nightmares

There are more privacy issues involved in BYOD, as these are employee-owned machines and perhaps should not be monitored and controlled the same way a company-issued PC or device might be. You must tread far more carefully when personal data is in play, even if your intention is to delete confidential company material that may be misused.

Policies are all well and good, but they only work when backed up with training. Users should understand how to create strong passwords and regularly change them, how to lock a device, how to manage security settings, how to use encryption, and how to handle company data.

  • Doug Barney is senior research analyst at GFI Software. Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review.