With the rapid increase in the use of mobile devices and the growth of remote and flexible working staff now expect to use their own laptops, phones and tablets to conduct business. This is known as ‘Bring Your Own Device’ or BYOD.
It’s a practice which can have both positive and negative implications for both the organisation and the employee – whether the device is brought into the workplace or used remotely. Whilst allowing personal devices to be used for business purposes care needs to be taken to protect internal services from attack from personally owned devices.
In terms of data ownership, allowing employees to put company data on a personal device, means a degree of loss of control over that data, compared with retaining it safely within the company … be it a network, in the cloud or on a company-owned portable device. An employee’s device can be difficult to monitor effectively; it can be difficult to know what data is stored on the device if lost or stolen; and when the employee leaves it could be impossible to retrieve the data. It can be difficult to encrypt personal data on an employee device … potentially contravening the Data Protection Act.
The following infographic helps with understanding the key security aspects to consider. Click on the graphic for a larger image.
Think carefully about what business information and services you want staff to access using their own devices. Your IT infrastructure should be designed so that staff can only access the information that you are willing to share. Start by:
- preventing any unauthorised devices from accessing sensitive business or personal information
- ensuring that authorised devices are only able to access the data and services you are willing to share with BYOD employees
Use these requirements to form your organisational policy for BYOD, which you should document to clarify organisation and employee responsibilities. You may want staff to sign this to show they acknowledge and understand their obligations.
If you need any advice please get in touch.
Contains public sector information obtained from the Department of Business Innovation Skills licensed under the Open Government Licence v3.0 and Get Safe Online.