The case for Bring Your Own Device (BYOD) is compelling, especially for small business owners. Let’s start with cost savings. BYOD saves you the expense of having to keep up with mobile technology, which continues to evolve. Your employees also are happier and more productive because they have the flexibility to use the mobile devices they want to work from anywhere – even to remotely conduct a video or web conference on a smartphone or tablet using a headset.

Still as companies move to adopt BYOD, many are not addressing cyber security and data loss, both real threats.  Coalfire, an IT governance, risk and compliance services company, conducted a BYOD survey last month. The responses of 400 individuals across a variety of industries, none in IT, indicate that many companies do not have a policy for mobile device use and setting passwords.   Moreover, 49 percent of respondents said that their IT departments have not even discussed mobile/cyber security with them.

Key findings of the survey indicated:

  • 84 percent of respondents use the same smartphone for personal and work use
  • 47 percent have no password on their smartphone
  • 36 percent reuse the same password for a majority of accounts
  • 60 percent of respondents say they write their passwords down on a piece of paper. Only 24 percent use a password management system, 11 percent save an encrypted document on their desktop and 7 percent have a document saved on their desktop.
  • 51 percent said their companies cannot remotely wipe data form their mobile devices if they are lost or locked out

Whether you currently enable BYOD or are planning to; have a policy in place to safeguard your company.  As I’ve written before in “Is Your Company Prepared for BYOD,” your policy should spell out what is and isn’t acceptable regarding the use of personal mobile devices. Your policy on passwords should include a set timeframe for routinely resetting them.

Here are a few other recommendations to protect your company data as you implement BYOD. In “How to Let Employees BYOD Without the Risk,” Chris Petersen, CTO for LogRhythm, suggests having a separate network designed solely for mobile devices to protect your network from getting infiltrated with malware or from sensitive data falling into the wrong hands.

Petersen also emphasizes the need to have encryption installed on devices and for your company to be able to remotely wipe and erase data if the smartphone, tablet or laptop gets lost. Also employees should sign a policy on how they plan to secure their devices and agree to let your company know within an hour if one is lost or stolen.

BYOD can be a real boon to your business. Have all the right security policies and procedures in place to make sure it is.

Do you have a BYOD policy? What does it include?