As the use of mobile devices at work grows, so does the popularity of bring your own device (BYOD) policies amongst startups. A BYOD policy can have many advantages for a company that is just starting out, such as increased productivity, better employee satisfaction and lower technology expenses as the employees themselves pay for the cost of the devices they use.
However, startups need to consider several issues before rolling out a BYOD policy. Allowing remote access to business data and other digital assets already comes with its own set of security concerns. Having employees use a device that they choose and own simply adds to them.
To minimize the associated risks, there are a couple crucial things to think of when creating your BYOD policy.
Any BYOD policy should be limited to devices approved by the startup. This is necessary to ensure compatibility with any internal or third-party applications used on the job. It also makes it easier to manage security-related issues.
The policy should also clearly explain which charges associated with the use of devices will be reimbursed by your startup and which ones won’t be. Furthermore, a plan should be made to address issues of broken or malfunctioning devices.
Allowing rooted or jailbroken devices under your BYOD policy is always seen as a bad idea. Rooting or jailbreaking involves bypassing restrictions imposed by the mobile operating system to run and is often done with the goal of running advanced or unofficial applications. As the process also defeats several built-in security features, such devices are more vulnerable to malware, rogue apps and security exploits.
Business and personal data should be kept separate as much as possible. This is made easier in recent times as there are many apps that can separate any data they use from the rest of the information on the device. Any business data stored on the device, whether temporarily or permanently, should be encrypted to prevent unauthorized access if a device is compromised.
Employees should be provided with clear guidelines over who owns the data on their devices. They should also be informed that the startup reserves the right to remotely wipe all data from devices should they be reported as lost or stolen. Employees should be informed as to how they can make backup copies of their personal data to prevent this from becoming a problem.
Every time a device connects to your startup’s network, it has access to a wide range of sensitive information. If the devices fall into the wrong hands, that data could get compromised. A very simple way to prevent unauthorized access to data is to set up a screen lock password. While it’s a very simple security measure, many users overlook it. Whenever possible, apps that give access to business data should be individually protected with their own passwords too.
The BYOD policy should also require all devices to have an approved security and antivirus app installed at all times, plus specify the firewall and device security settings employees should use. All security software needs to be upgraded to the latest version as soon as one comes out
To further boost security, access to your startup’s network should only be done through an encrypted virtual private network (VPN), which prevents any data from being intercepted as it travels over the mobile Internet. A VPN should especially be used when employees are connected to public Wi-Fi hotspots, which are not safe for accessing sensitive data.
There are plenty of mobile applications in all categories across the popular iOS and Android mobile platform. This comes with some unique challenges for anyone implementing and managing a BYOD policy. Some applications could obtain access to data on the device, including sensitive business data, thus causing exposing it to unauthorized access.
Your startup should provide clear guidance to employees as to which apps are allowed and which specific apps or categories are prohibited. Your employees should also know that the list of prohibited apps may be updated at any time by your startup’s IT department. This can happen if a new app hits the market, or if a security vulnerability is discovered in an existing mobile application.
In the context of a BYOD policy, an exit strategy addresses what happens to devices when an employee leaves the startup. You should have an efficient way to terminate access to all business resources, plus remove any proprietary applications, documents and other company data from the devices.
The best exit strategies involve having a way to back up the user’s personal data, then performing a clean wipe of the device. Doing so removes all sensitive data from the mobile device in a way that can’t be later recovered.
A growing number of startups are adopting a BYOD approach to mobile technology. While it has many advantages, BYOD also creates some unique security challenges that need to be addressed before employees are allowed to use their personal devices to access data on the company’s network. The startup’s management and senior IT staff therefore need to come up with a clear BYOD policy allowing efficient use of personal devices, while minimizing the possible security problems.
About the Author
Lisa Michaels is a freelance writer, editor and a striving content marketing consultant from Portland. Being self-employed, she does her best to stay on top of the current trends in the business world. Feel free to connect with her on Twitter @LisaBMichaels.