Improvement in Processes
BYOD security is two-fold. Firstly, security starts with the device itself. This includes screen-lock, pin codes, and data encryption. Secondly, BYOD policies must be in place that includes anti-virus and preventing jail breaking. This provides a baseline foundation for compliance between the company and the employee that says these devices must participate safely on our network. Additionally, this gives employees the freedom of choice when it comes to their device.
Another point to note when it comes to implementing processes is that there is no exception. Reports have shown that some C-level executives are an exception to the rule, essentially an open invitation for data loss and serious compliance issues. C-levels will have access to the most critical data and giving them exceptions to BYOD policies are a security risk that could backfire in a big way.
Improvement in People
With baseline processes in place, changing your employees' mindset to place security as a priority through educating them on policies and guidelines are equally important to manage expectations and avoid abuse. Employees who do not have a security mindset are typically reactive, complacent, or simply unaware when it comes to potential security problems. This attitude frequently places the organisation at risk.
Some examples of lack of vigilance include leaving sensitive information unguarded in a public area, assuming that data and knowledge are secure within the organisation.
When employees adopt a security mindset, they are armed with the knowledge to think about security in a proactive and adaptable way, mitigating any security incidents. Other benefits include being more wary of data leaks, proper evaluation of vendors to ensure they adopt security best practices, and compliance with company standards for personal devices.
Improvement in Technology
With the right processes and employee mindset in place, another key consideration is deploying the right technology offerings in the right place, right when employees need them.
For example, looking at network traffic flow can help understand user behaviour anomalies on the network and take action immediately if something appears out of place. Other technologies available can deal with spam and phishing attacks. Alternatively, businesses could implement mobile device management (MDM) technology to enable remote-wipe capability in the event that the device gets lost or stolen.
Will BYOD Increase or Reduce Costs?
If you think about the three aspects described in this article - processes, people, technology - this gives businesses a firm foundation for protecting users, their personal devices, as well as our data. More importantly, the simplicity of these three things cut through the marketplace clutter to give businesses a headstart in implementing BYOD.
While the debate between BYOD increasing or reducing cost continues, I believe that if executed properly and thoughtfully, BYOD will help reduce cost with the bigger benefit of providing employees better job flexibility, productivity and satisfaction.
Sign up for CIO Asia eNewsletters.