BYOD: A Threat to Data Security and Privacy Protection?
As BYOD becomes more prevalent, so does the need for leaders to discuss its security challenges.
Since the pandemic, there has been a rise in personally owned devices in the workspace. As businesses went remote, many who did not have access to company-issued technology turned to their own devices for work-related tasks. Aaron Kiemele, chief information security officer at JAMF, shares how companies can protect their data and privacy while still benefiting from a bring-your-own-device model.
According to Mordor Intelligence, 85% of organizations implemented BYOD (bring your own device) policies because of the COVID-19 pandemic. With the modern work environment heavily shifting to remote or hybrid working models, organizations are looking for solutions when it comes to BYOD.
Employees Work Best On Devices They Feel Comfortable
BYOD is a policy that allows employees to use their personally owned devices for work purposes, including accessing work applications such as email, instant messengers, and CRMs, as well as taking business calls. Overall, sentiment towards using your own personal device is overwhelmingly positive, with employees preferring to use a device they are familiar with. In fact, a recent Jamf study on employee choice found that 87% of respondents said that choosing their work device was important to them. An additional 89% of those surveyed expressed that they would be willing to take a pay cut to choose their own technology. Employee choice has never been more important to organizations as they know it’s an important time to focus on staff retention and improving employee happiness. To stay competitive in the employment market, it pays to think about every employee benefit you can. It can also help lower costs and avoid the dreaded double phone scenario.
Personal Devices Need to Be Protected – As Does Privacy
As BYOD becomes more prevalent, so does the need for organizational leaders to discuss its security challenges. As employees increasingly access corporate applications and conduct business activities from various locations and devices, software must be installed to enforce security policies to ensure that company data on the device is secure. This could include a device management solution, a remote access solution, authentication requirements, malware protection, and more.
Therein lies the challenge of choosing between security and privacy, as these tools can make employees feel like their privacy on their personal devices is being violated. For the individual, it is the risk of over-privileging the company, granting them rights to your confidential information and behaviors on your phone through location tracking, web filtering, or the ability to view, add or delete data.
This has resulted in many employees carrying multiple devices, one for personal and one for business use. Apart from being an inconvenience to employees, this can also lead to risk for the company – the risk of data loss or movement of the intellectual property onto an unmanaged device if carrying two becomes too inconvenient. It is not even primarily an issue of malicious actors, who do exist, but more of if your data goes someplace, you cannot control it, you might as well have left it on a park bench or in a taxi – you can’t protect that data on an unmanaged device. Both sides have real issues that need to be managed. The employee doesn’t want to cause a data breach accidentally, and the company doesn’t want to invade the employee’s privacy as that runs both a moral and regulatory risk.
See More: Data Clean Rooms: A Secret Weapon Against Data Breaches and Data Security Vulnerabilities
Promote Security While Protecting Privacy
Technology partners are increasingly thinking about the privacy issue, resulting in vendors like Apple announcing new features like Service Discovery that focus heavily on security and privacy and change how end users can enroll their personally owned devices in management software while separating their personal from corporate data.
There’s a need to fully embrace service discovery and move beyond basic mobile device management (MDM) to create solutions that address these issues and combine three critical BYOD success factors: consumer simplicity, personal data separation and zero-trust network access. This helps IT strike a balance between enterprise security and keeping employees’ personal data private. Segmentation between work and private data works in a trusted and private environment allowing the management of work-related apps and the ability to measure, retain, or destroy sensitive information in accordance with the organization’s data retention policy.
How to Develop a BYOD Workflow and Policy that Works for Everyone
Any employer, regardless of size, can benefit from creating a system to manage and protect their data while ensuring employee satisfaction. The key is to listen to your employees and consider their needs in a transparent way, both a need for privacy and a need for productivity – there is a balance to be found there. Then, find a technology partner that can help you create clear segmentation of services on the device and data in transit.
This can be done by associating a personal Apple ID with personal data and a Managed Apple ID with corporate data and allows for purposeful management of devices using a set of configurations that associate management with the user, not the entire device. The employee goes to General Settings on their device, and from there, the user chooses VPN and Device Management and simply taps on “sign in to work or school account.” Account-driven user enrollment provides users with a more streamlined enrollment, better security – because no organizational URL is needed to enroll – and the right balance between IT managing corporate data on personal devices while adhering to employee privacy.
As employees expect more flexibility for their remote and hybrid experiences, BYOD is a successful option to bring to the table without hindering privacy, security, or costs. It’s important to keep learning from employees and listening to feedback to embark on the future trends of BYOD.
Do you have a BYOD policy at work? Tell us about your experience with it on Facebook, Twitter, and LinkedIn.
MORE ON DATA SECURITY:
Image Source: Shutterstock
