The implications for disaster recovery when staff use their own devices at work
BYOD (Bring Your Own Device) is a popular trend among UK SMEs, but without a proper policy in place to govern its use, it can harm your data security. When staff access sensitive business information using their own laptops, phones and tablets, there is a corresponding increase in the risk of a disaster happening. Typically, an individual’s own devices are set up with less security and virus protection.
Why businesses like BYOD
Savings can be made when employees use their own devices for work purposes. Their laptops, tablets and phones are often more up to date and advanced than your existing company hardware, as well as being lighter and more portable, with bigger screens and wider capabilities. Productivity increases because people are familiar with their own devices. People work better and your business benefits as a result.
However, it is important to consider how you could be impacted if you are employing BYOD. You could be making yourself more vulnerable to data breaches and loss and suffer legal consequences as a result. So, what risks should you consider?
The associated risks of BYOD
Lack of security
When your staff use their own devices, disaster is more likely, in the form of accidental leakage and data loss, viruses and cyber-attacks. Their device could be easily compromised, lost or stolen, which could give a third party easy access to sensitive data. The consequence could be extremely serious or possibly fatal for your business.
Management of different operating systems
Devices are being updated and upgraded all the time, meaning the operating systems are too. The number of different versions makes management and support very complex for a business, and this can lead to security breaches occurring. Your disaster recovery plan should include an effective solution that addresses this management issue.
Having no BYOD policy
Arguably the biggest risk of a disaster happening at all is failing to have a company BYOD policy. As well as weakened data security, there are also legal implications.
BYOD legal implications and responsibilities
Depending on the nature of your business, you may have to comply with legal requirements to do with the Data Protection Act, the Official Secrets Act or the Freedom of Information Act, etc. Your BYOD policy should address who is responsible for the protection of personal information and the implications of non-compliance with legal obligations.
BYOD policy planning – what to include
Apart from having a legal compliance strategy, other considerations are:
- network security
- data encryption
- local data storage prevention
- protection controls and limiting access
- tracking and deploying of applications
- establishing secure app-to-app workflows.
Communicating your policy fully to your employees means they will be aware of what their responsibilities are when it comes to safeguarding your sensitive information. It will also help to reduce the risk of a disaster being caused internally.
ASL can help you to successfully benefit from BYOD by performing a full assessment of the risk involved on all devices that access your company data. We can offer qualified advice on the security implications of jailbreaking and sandboxing, as well as assessing encryption methods and the use of passcodes to protect sensitive areas.
For further details on creating a BYOD policy for your business that reduces the risk of a disaster, contact ASL on 0345 862 0350.