Two schools of thought have emerged around the practice of “BYOD” – allowing employees to use personal mobile devices for business purposes. BYOD advocates say the practice allows companies to avoid the expense of buying, providing service for, and maintaining a fleet of company-owned devices. Detractors argue that BYOD amps up a company’s already-high risks of experiencing a data breach.
The truth of BYOD lies somewhere between the two opposite opinions. BYOD can save your company money, but it can also expose your business to costly cyber-security risks. The only way to make BYOD truly work for your company is to take steps that will mitigate those risks – such as having a data breach response plan in place.
We know from experience that data breaches are inevitable, no matter how proficient you are in trying to prevent them. Using unmonitored devices without the safety net of a breach plan can make a breach happen faster and allow it to cause extensive damage.
Hackers and other cyber crooks have set their sights on mobile devices – mobile malware attacks have risen 200 percent since 2011, according to mobile Internet services provider NQ Mobile Inc. Yet multiple studies indicate that many mobile users, both corporate and individual, routinely fail to take steps to protect their devices, forgoing simple cyber security measures such as password protection, data encryption and anti-virus software. What’s more, a company’s data breach protections – which may already be inadequate – often don’t extend to employees’ personal devices.
Businesses that allow employees to use their own unsecured devices to access and manipulate sensitive data over corporate systems are almost certainly elevating their risk of experiencing a data breach. And the true cost of such a breach goes far beyond money.
In addition to lost business, loss of public trust, and real financial losses, business data breaches expose companies to fines and penalties if they fail to promptly and properly notify affected consumers.
Before allowing employees to use personal devices, your company should critically assess its existing cyber security measures, plug all security holes, establish strict rules on how employees will be allowed to use devices, and implement a comprehensive remediation plan to handle the aftermath of any data breach.
We are convinced that it’s no longer a question of “if” a company will experience a data breach, but “when” a breach will occur. Businesses that take a hands-on approach to cyber security and BYOD improve the chances that the breach won’t be caused by an unsecured personal device. And those that have a response plan in place will be better positioned to retain customer confidence and cut data breach costs when an incident does occur.