Bring-your-own-device policies require safeguards

This post also appeared in The Tennessean, where Concept Technology has a bi-weekly feature in the Business section.

The Bring Your Own Device (BYOD) phenomenon has been tiptoeing into companies’ consciousnesses for the past few years, but it has only been in the past six months that the issue has really pushed itself to the foreground.

While crossover between employees’ personal and work devices is increasingly more common, most business leaders agree that employees still shouldn’t use their personal mobile devices to access highly sensitive company data.

In many cases though, it’s reasonable to provide employees access to basic groupware services (email, calendar, contacts, basic Outlook data, etc.) on their personal devices.

If a business plans to allow these BYOD services, it must enact security measures such as requiring that users enter a PIN code or use an SSL certificate for connecting. One key policy that offers blanket protection for the company and employees alike is the remote wipe.

What to do first

Before implementing a remote wipe policy, it’s extremely important to make sure that every employee understands what it is all about. To keep it simple: a “wipe” means data is deleted.

But full, crystal clear dislosure to employees is essential. Employees need to know upfront that once they connect their devices to company data, one of the terms of service is that the company can wipe the phone of all its content in the event that it’s lost or stolen.

In our opinion, mobile devices are made to be wiped. If your entire sales team took the 40-plus mobile devices that they possess and destroyed them Office Space-style, how bad would it be? Sure, it would be inconvenient. Everyone would have to buy new smartphones or tablets, re-enter passwords and sync them with their music libraries, etc., but as long as they have their passwords and a few other tidbits of knowledge, one mobile device is as good as another.

These devices don’t really store much data. They’re the interface that serves data, fetching it and presenting it to you on the go.

A remote wipe immediately gets secure data out of the hands of someone who shouldn’t have it. This includes thieves, competitors and disgruntled employees. Even for the rogue employee — he can still get all of his personal data back, and all of the company data is stripped away.

Question of costs

The primary reason businesses have tolerated BYOD thus far is that it offloads costs onto their staff. Too many executives expect their staff to be available at all times, but are unwilling to pay for smartphones or tablets for their team. This puts pressure on employees to place their own devices under company control.

If employees need mobile access to a company’s data to do their job, it’s the company’s responsibility to provide the device. If a business wants 100 percent control of its data, the company should supply the mobile device. In this instance, the best practice isn’t a BYOD practice at all. It’s buying what’s needed for those who will be using it.