We would be willing to bet your cell phone is somewhere near you right now. Mobile devices have emerged as an extension of our selves. As a result, there have been increasing numbers of organizations and corporations are increasingly embracing this shift within their workplace culture. Over the past several years, there has been an upsurge in the IT landscape of the bring your own device (BYOD) phenomena within most major companies and workplaces. Intel, Citrix Systems, Unisys, the White House, Apple are only a few of the ‘big name’ workplaces that have taken the lead in adopting BYOD.
BYOD allows employees to bring their own computing devices such as laptops, smartphones, and/or tablets to work and incorporate them into the corporation or organization network rather than using company-owned devices.
For companies employing BYOD practices, they believe in the benefits. Many companies’ goals with BYOD are to increase the flexibility, convenience, and portability of devices that cater to their employees’ workflows, which in turn, is believed to increase productivity and employee morale. More so, a study by Twentyman (2012) found that more than two-thirds of respondents attributed an increase in revenues to BYOD.
However, even when there is not explicit permission to do so, many employees are following their own form of BYOD practices. The Ovum BYOX (bring your own anything) study (Eddy, 2013) found:
- 8 percent of smartphone-owning employees use theirs for work;
- 4 percent of those do so without the IT department’s knowledge; and
- 9 percent of those do so in spite of an anti-BYOD policy.
Since 2013 when that study was conducted, the numbers are likely much larger.
Even with the benefits and number of people partaking in BYOD across the globe, many companies are choosing to avoid changing their security protocols and migrate to BYOD because they do not want to risk the increased exposure to cyber threats and data breaches. With personal and work related data being stored on a single BYOD device, IT and security departments are facing difficulty in managing the BYOD strategy and following national laws. For example, confidential Business Data like Email, documents, Reports, files, Application etc. is at risk if unauthorized access of the device takes place due to device compromised. Incident detection and accidental harm such as lost devices versus breached devise or actual versus suspected breach is also a problem. Given that the device itself is likely highly portable, there lies a risk of getting it lost or easily stolen.
To successfully implement a BYOD practice in an organizing while adhering to privacy and security concerns, we recommend first considering three important areas:
- Do you have the policies in place regarding privacy, security, and data ownership?
- Have you instilled ethical values regarding data rights and privacy?
- Do your employees emphasize the importance of safe-guarding data given to them?
When answering these questions, one must also keep in mind that the BYOD policy created must integrate into the organization’s overall policy, and there will be an employee awareness program regarding it.
While BYOD has shown several advantages such as increase mobility, job satisfaction, and productivity, there are many challenges that companies face when implementing these strategies as it relates to privacy and security (due to simple security precautions, underestimation of risks associated with content sharing, and increasingly complicated infrastructural technology).
For assistance in developing a BYOD policy, please contact KI DESIGN (firstname.lastname@example.org or fill out a contact form on this page). KI DESIGN is also uniquely able develop privacy and security policies for complex service environments, such as multi-organizational and multi-jurisdictional data initiatives. With our support you can be assured that your organization is legally compliant and accountable to the public, while allowing your organization to reap the benefits of BYOD.
Twentyman, J. (2012). BYOD: OMG! Or A-OK? SC Magazine: For IT Security Professionals. 18-23.