These days it’s not uncommon for employees to bring in their own laptops, iPads, and other devices to use for work purposes. However, a recent article published by the Society for Human Resource Management raised some interesting points employers should consider in relation to the risks associated with “bring-your-own-device,” or BYOD, policy.
The article notes that many employers with such a policy in place often state in writing that employees’ privacy will be respected, but that’s an “assurance it can’t keep in the event employer believes a workplace search is warranted” because of the risks associated with a BYOD policy – a valid point to consider as over half of companies in the U.S. allow employees to connect their devices to a corporate network.
So what risks does your business face if you have a BYOD policy in place? Below are some of the top concerns.
- The possibility of a virus entering your network because an employee downloaded a virus-ridden game or app to their device and then connected it to your network.
- Confidential reports accidentally being backed up onto a public cloud storage system, which presents an unknown level of exposure, according to Michael Suby, vice president of research for Stratecast.
- Data leakage, whether intentional or unintentional.
In order to be sure that you are able to protect your business while still allowing employees to use their own devices, there are several strategies you can put into place. For example, your BYOD policy should clearly communicate that you can review any information contained on an employee’s device that they use for work, as well as “the right to search generally only if there is reasonable suspicion of illegal activity… [or] in the absence of reasonable suspicion of illegal activity such as theft or drugs.”
Additionally, take steps to keep your network secure when accessed from a remote device that an employee uses for work. Passwords that are created specifically for logging onto the company network that are extremely difficult to decode is just one option for helping protect your system from being attacked because an employee’s personal device was compromised.