More and more companies are seeing the benefits offered by bring your own device (BYOD) policies. In fact, over 67 per cent of employees in the US use their own devices while at work. These can help reduce a business' cost by allowing employees to use their own smartphones, laptops and tablets for work, getting rid of the need to provide devices.
While the trend is likely to continue to grow, it is important to consider how to balance BYOD security and employee privacy. After all, you want to allow employees to access their own accounts on their devices, but you also need to ensure that privileged information is fully secure.
This means finding a balance between security and privacy that ensures employees can still use their own devices whilst also maintaining some level of control over them. But to do this, which should you place first; employee privacy or the security of company data?
Management is vital
With the range of different ways company data is accessed when there is a BYOD policy in place, it is crucial that this data and how it is used is managed. As Computer Weekly points out; data is vulnerable when it is accessed across various networks, through a range of applications and on different devices, which can mean that sensitive company information is not as secure as it needs to be.
This is why you need to ensure a management plan is in place that sets guidelines for how data is accessed and saved. This can include specific apps or software, which should then be provided by the company, as well as regulations on handling data.
Management plans must also include steps to check whether data is being accessed, saved or used incorrectly. This requires employees to agree to the monitoring of their devices or some form of check to be carried out either regularly or when you have reason to believe there is an issue. This can often cause friction, but ensuring that only the software, apps, folders and accounts that are used for work are monitored helps to maintain privacy while still dealing with security.
Employees retain rights
Currently, there is no legal regulations surrounding BYOD policies, which can make them difficult ground to treat for businesses. However, employees do have rights over their devices and data, which companies need to take into account.
E-Commerce Times reports that employees are entitled to protect their own data on their devices and so should be included in decisions made about them. This means that they need to agree to the possibility of a remote wipe and this can't be set up without this agreement. As this ability is vital for the protection of company data, especially if an employee leaves or is terminated, giving guidelines on backing up all personal data in case of a wipe can help ensure employees don't lose anything they need.
Employees also have the right to download and use safe apps and programs, although organizations can set rules that state company data cannot be accessed on unapproved apps. Similarly, they can choose not to have extra security measures in place on their devices, which can leave them vulnerable. In this instance, companies can offer to provide security packages or software that features extra levels of encryption for data.
While employees do retain certain rights surrounding the use of their own devices, companies are also able to say how their data is accessed. This means that if there are concerns about a device or an employee's use of it, an organization can request that they take steps to improve security or cease to use the device. However, an appropriate alternative device will need to be provided.