There are several security issues small business owners need to think about when implementing a BYOD (Bring Your Own Device) program and policy. You lose control of the IT. PC World says, “Company-issued IT typically comes with an acceptable use policy, and it is protected by company-issued security that is managed and updated by the IT department. It is a little bit trickier telling an employee what is or is not, an ‘acceptable use’ of their own laptop or smartphone.”
Employees can lose devices containing sensitive data, and retrieving company data in the event of a dismissal or resignation can be difficult.
Herb Hogue of En Pointe Technologies was kind enough to send us some tips for small businesses that are thinking about allowing employees to bring their own device to work. Check it out:
Control Without Limitation. Employee device security can be an issue for IT departments of all sizes. Controlling the access to important data without limiting your employee’s use of their personal applications is an issue that affects both small businesses and the enterprise. The difference is the amount of resources available to monitor and protect those devices that are being connected to the company’s infrastructure.
Security. A proactive approach to security will help protect small businesses from the costs associated with loss data or downtime due to malware. An Endpoint security protection suite combined with firewalls, intrusion prevention and a centralized management console will give the ability to monitor and protect a company’s network, as well as run reports to pinpoint areas of vulnerability. Employee device issues with ever changing devices and new security risks require that security training and enforcement of company policy are integral to keeping companies protected.
An Effective Policy. An effective policy for employee device programs is one that protects the employers as well as offers the freedom that the employee desires to perform their job effectively. Things to consider when putting together a policy are:
- Who is using the device? Role and responsibility will determine what informational access they need.
- Can you limit their access without limiting the employee’s productivity?
Define Responsibility. For a small business, it is important to make clear what is being handled by the company and what is the responsibility of the employee who owns the device. What devices and operating systems will be supported by the company? Do you have the expertise on staff to offer support and will your IT staff be able to handle the additional calls? Can you put together a website to help assist your employees with low level issues they can solve on their own?
Understanding and Enforcing Policy. Make sure that your employees understand the employee device policy and are well versed in the security applications mandated by your company. Enforcement of the policy and the ability to change the policy as new situations arise will ensure the success of the program.
We’ve offered a lot of tips and advice on the BYOD movement in past articles on Smallbiztechnology, so check them out if you are considering implementing this into your business.
You could also consider an alternative to an employee device program, which we’ve covered before, called COPE (corporate-owned, personally-enabled). COPE “is a plan you make with a wireless management firm to order smartphones for your employees,” says our own Miguel Leiva-Gomez. “Some companies already issue mobile devices to their employees, but COPE handles this process differently.” Check out our previous coverage for more.
Let us know in the comments about your experience with employee device programs!