Bring-your-own-device (BYOD) policies are becoming more common in the workplace. Reduced costs, ease of communication and increased productivity are some of the reasons companies are implementing these policies. But is encouraging the use of personal devices at work right for your small business?
BYOD on the Rise
Chances are your employees have already used their smartphones or tablets for both personal and business purposes. Research conducted by Tech Pro featured in ZDNet shows that 74 percent of organizations are using or planning to adopt BYOD. Its prevalence is even greater among small businesses.
How Much Security Does My Business Need?
Mobile security is an important concern when deciding whether to allow personal devices at work. You'll need to decide the level of security and the actions necessary for mitigating risks to your business. To determine your business's security needs, conduct a risk assessment. This involves taking inventory of what you need to protect or what you stand to lose should a security incident occur. The assessment's results will help you decide if using personal devices for work is a worthwhile risk to take.
For example, if your industry's compliance standards are strict and certain types of work require the use of mobile technology, you may want to provide employees with devices and phone/data plans to better manage security. Companies that must comply with the Health Insurance Portability and Accountability Act (HIPAA), for example, must take great care to protect patient information. Noncompliance could result in penalties if personal data is compromised, but controlling device usage and security removes much of the risk.
Small businesses with limited or no IT staff might consider mobile device management (MDM) solutions to help secure and monitor employee mobile device use. These solutions can also separate personal and company data on employees' devices, so company data can be wiped without removing personal information, if necessary. This becomes especially important if an employee leaves the company or a device is lost or stolen.
Other options, if resources allow, include security training for employees who use personal devices at work. Newsletters or short, informational videos are inexpensive ways to keep employees aware of the latest potential security issues.
When forming a BYOD policy, include which activities and websites employees can use on their devices and recommended or mandatory security measures, such as regular security updates and password policies. Make sure your policy aligns with any business requirements or industry compliance standards you need to follow. For example, any company that accepts credit cards needs to comply with the Payment Card Industry Data Security Standard (PCI DSS).
For the most part, deciding whether to implement BYOD depends on the unique needs of your company, the industry compliance standards and potential security risks. Small business owners can begin by conducting a risk assessment to determine if allowing personal devices for work is the right course of action.
SIGN UP FOR THE THRIVE NEWSLETTER