SMB owners are loath to embrace BYOD due to security risks.

Security Threats Pose Big Hurdle for BYOD

August 19, 2015 Tech4BusinessNow Article

One-third of SMB owners say they refuse to support BYOD due to security risks, but creating concrete policies and educating workers can mitigate the dangers.

By Preeti Upadhyaya

Today, it’s hard to imagine a time when we weren’t all walking around with tiny computers in our pockets. Smartphones and tablets have become enmeshed into the fabric of our daily lives—and that trend has helped shape its own movement in the tech world: BYOD, or Bring Your Own Device, where workers bring their own personal devices for business use at many workplaces.

But convenient as it is for workers, BYOD brings with it concerns for business owners. Even as 59% of businesses surveyed by Penton Research in July said they allowed employees to use their personal devices for business purposes, one out of three businesses said they refuse to support a BYOD policy at the workplace.

Why? The main reason for banning BYOD is a perceived security threat, with 58% of companies at least moderately concerned, according to the survey.

Bob Egan, founder and CEO of the Sepharim Group, a mobile industry research and consulting firm, says he’s not surprised at the survey’s findings. Companies are used to having their IT department distribute hardware to employees and making sure these devices are up and running, he says.

“When people started bringing in their own phones and tablets, they had the same expectations that IT could support these devices,” Egan says. “But these resources weren’t widely available, and IT pros weren’t trained to support all different kinds of devices.”

One of the biggest security issues that BYOD introduces is around protecting sensitive data. It’s not difficult to imagine all the problems that might arise if, for instance, an employee leaves his or her smartphone in a cab, and sensitive emails are left open to view. Or, a recently departed employee can potentially still have access to company data stored on his personal smartphone long after he’s left the company.

Such security issues become more likely to affect company data when employees bring their own devices into the workplace and fail to comply with data security protocols to protect sensitive information.

The most direct way to mitigate such data breaches is to have a firm BYOD agreement in place, according to research firm Gartner. And this policy shouldn’t come only from the IT Department—it’s important to involve other stakeholders at the company, such as the HR and legal teams, to ensure that the policy adheres to any relevant compliance rules or regulations.

Educate employees

Once a holistic BYOD policy is put in place, it’s equally important to educate employees about it and make sure they are complying. Gartner’s Meike Escherich, a principal research analyst, explains that creating and enforcing effective BYOD policies is particularly challenging for small companies.

“Many enterprises (especially in the smaller and midsize sector) lack the proper organizational structures to create these policies and must reorganize to provide the necessary governance for a successful mobility implementation,” Escherich says. Read Escherich’s post on BYOD security risks.

Cyber-attacks on mobile devices are another security concern, and can be particularly devastating for small companies. The recent Stagefright bug, which allows hackers to access Android devices through a simple MMS message, is the latest example of how companies are vulnerable.

It’s critical for a company’s IT department to stay updated on any and all patches and security updates that software providers, such as Google and others, unveil. However, with thousands of versions of Android floating around on countless smartphones and other devices, responding to a cyber-attack such as Stagefright is an uphill battle for small businesses.

These ever-present security gaps, Egan says, are forcing companies to rethink how they manage employees’ devices in an age when personal smartphones and tablets have become ubiquitous in the workplace.

“We’re moving from an environment dominated by company-owned, Windows-based devices to a more hybrid environment,” Egan says. “Even with company-owned devices, they come with work-related applications pre-installed but they also allow users to put personal photos and other data on the device.”

Egan says companies have a long way to go to fully address security concerns in this new age of company and personal devices being used interchangeably at the workplace.

“Companies still need to evolve their security solutions to cater to mobility,” Egan says. “Consumers want more convenience, flexibility, productivity, and work-life balance, but they also want to go to their IT department and get any problems solved.”

To accomplish this, Egan says companies should focus their infrastructure, access, and overall security strategies to be more agile and help people get more things done faster and easier.

“Universal email accessibility is a great example,” he says. “Everybody needs to be able to check email, and people are increasingly doing it remotely and on the go.”

Egan says that many companies are still not there when it comes to supporting a hybrid-device environment, and that the challenges come down to resources.

“IT departments are still trying to work things out like time management, quality management, and scheduling the support that’s needed around all these new devices,” Egan says. “It really all boils down to staying one step ahead of what users need.”

This article was underwritten by HP: Introducing HP BusinessNow, the right technology to help your business grow. To register your business for a $25,000 tech makeover please visit: http://www8.hp.com/us/en/solutions/businessnow/contest.html