So if you’re contemplating the pros and cons of BYOD, and whether a Bring Your Own Device policy is right for your corporate environment, this one’s for you.
Let’s begin with the pros.
First is cost reductions for the company – based on the presumption that cost of the device and maintenance thereof is sustained by the employee. Next, the psychological aspect that since this is “my” device, it is always with me but, oh wait, I have a work email, do I reply, do I ignore it because it is after hours? Most of us do reply so we end up tethered to the office 24/7/365 – bad for us, good for the company.
Negative aspects – there are many, and predominantly in the realm of security and confidentiality (for the company I mean, and for the employee, the negative aspects far outweigh the advantages and that is one reason why I personally do not understand this trend).
So what should you do?
Evaluate the situation. Weigh the positives against the negatives.
As with every business decision; there are risks, there are possible legal, HR and personal considerations, and likely more. List also the presumed advantages; put them all on the table and measure where the scale tips. I won’t even attempt to develop that list; there is a risk analysis that needs to happen here, and that varies for each company.
Next point to consider would be some of the inherent risks of allowing employees to use their own smartphones, tablets, and other mobile devices in the company.
We need to distinguish the many aspects of this.
Bring your own laptop is not quite the same as bring your own smart phone. Smart phones and tablets are single user devices with no user privileges. You can’t logon to them, and they are not connected to any active directory. Hence, the potential damage which can arise therefrom, albeit real, will never be as much as what could happen with a laptop – escalation of privileges, mapping of server drives, login to remote platforms and so many other things can be done with a Trojan-infested workstation.
Smart phones and tablets, at the moment, present more of a threat for the user than for the company ~ most of the attacks are aimed at stealing personal information (online banking, for instance) or signing the user up for paid services which, in turn, rack up high phone charges unbeknown to the actual owner/user. That said, a password stolen from a smart phone could, of course, be an issue for the business. For instance, an SSL certificate stolen from a tablet could allow a remote attacker in through a VPN. I personally have not seen all this yet, and I am considering these more theoretical at this juncture.
But when it comes to laptops, there is no theory. A laptop can present a very dangerous mode of attack, and the company should have full control of it.
Next week, we will discuss how companies can help mitigate those risks ~ either by making changes to an existing BYOD policy or reviewing some key factors that should not be overlooked when developing a BYOD policy for the organization.
Enjoy your weekend.