Many companies have embraced the Bring Your Own Device (BYOD) trend in recent years. The research firm Gartner called BYOD the “single most radical shift” in business since the introduction of the PC. In response, many companies are developing carefully constructed BYOD security policies that are practically flawless, except for one glaring hole, most employees don’t follow them.
The Biggest Danger
Organizations are increasingly concerned about the risks of employees using personal devices for work functions. These problems range from complicated malware attacks that target enterprise data on personal devices to simply leaving a phone or tablet on the subway or bus. Perhaps the most insidious risk, however, is the fact that employees simply don’t feel beholden to BYOD policies and don’t take BYOD secu.
A recent survey by identity services provider Centrify found that 15 percent of the 500 enterprise employees surveyed felt they had little to no responsibility to protect employer data stored on their personal devices. Even the best and most comprehensive BYOD policies cannot protect corporate data from falling into the wrong hands if employees are simply non-compliant with these security standards. So how can organizations protect their data if employees don’t take the risks seriously?
There are a few steps employers can take to protect themselves and their employees, even in the face of BYOD policy non-compliance. Software that can remotely manage smartphones and other mobile devices, such as the mobile device management software from BlackBerry, gives employers the ability to protect their data should a mobile device become compromised. This software allows employers to lock or even wipe a device remotely, as well as choose security levels and permissions that prevent employees from downloading insecure apps and content. It can also separate personal and work data to protect secure information without impacting a device’s normal functionality.
Education and Training Solutions
One of the strongest tools available to any employer who has created BYOD policies for employees is education. Consider this: The recently revealed Heartbleed bug in OpenSSL encryption caused nearly half a million Internet servers to be vulnerable to cyber attacks, and yet a poll released by the Pew Internet Research Center found that only 39 percent of users who had heard of the Heartbleed bug changed personal passwords or deleted accounts. The other 61 percent that didn’t bother to change their passwords might very well be your employees.
Train and inform employees about the very real risks that their professional and personal data are threatened by every day. If employees are worried about their personal email accounts being hacked, they’ll take steps to protect themselves and in turn behave more responsibly. Remember, many viruses are inherent in many free third party apps as well. This information might make employees think twice before downloading another Flappy Birds clone that might be poised to steal important company data.
Finally, employers that choose to include BYOD policy compliance as part of performance and even compensation reviews drive home that real compliance requires more than just signing ones name at the end of a document. If the risk of losing vital corporate data doesn’t catch their attention, the chance of not getting a raise might.