Bring your own device to work: 3 tips for securing data

With more and more employees working remotely and using their own mobile devices to conduct company business, it’s vital that you protect sensitive information. Here are some safeguards.

When you hire an employee, do you allow her to use her personal tablet or smartphone for work so she can stay connected to the office on the go?

If so, your company is part of the growing trend of BYOD, or bring your own device. Roughly nine in 10 businesses worldwide allow employees’ mobile devices to connect to corporate networks, according to a recent survey by Cisco Internet Business Solutions Group.

BYOD benefits businesses by allowing employees to work flexible hours, at home or on the road. Some businesses achieve that aim by issuing company-distributed mobile devices for work use, but I believe that practice will wane.

The millennial generation transforming the workforce is less tolerant of the notion of carrying two mobile devices and more comfortable and productive when using a single device for both personal and business communications.

Savvy organizations will embrace employees’ desire to work from their own devices, including allowing them to use Android, Apple, Windows or whatever mobile platform or operating system they choose.

However, making company data accessible from a variety of personal devices carries increased risks of a security breach, whether from hacking, a virus or malware unknowingly downloaded by an employee.

That’s why it’s essential that you talk to the head of your IT department or a consultant about measures you can take to protect company and client data, including:

1. Implementing a mobile device management (MDM) system. Simply put, an MDM is an app your employees load on their favorite tablet or smartphone that enables the company to protect its information and install additional business-related apps. The MDM system will, at a minimum, secure your business data so you can retrieve or erase it without affecting the other data on that device, such as personal photos and messages.

These tools also enable the company to establish schedules or even locations where employees are or are not able to access business data on their mobile devices for security reasons. Expect to pay a small monthly fee for this type of service, as most are Internet-based and priced per user. However, the peace of mind for any business owner will be well worth the price.

2. Preserving login and email trails. As more business software programs are stored in the cloud, business owners ought to be aware that hackers may be seeking vulnerabilities in the system. Make sure the system on which you store business data has an audit trail that tracks every employee’s login, as well as what information they upload or download from your company’s systems.

Note: This only works if each employee is using his or her own unique username and password. The audit trail will come in handy when it comes to tracking suspicious activity as it happens (for example, dozens of unsuccessful attempts to log in to an employee’s account), as well as to find out “whodunnit” after data have been compromised.
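As an added illustration (not part of the original article), the Python sketch below scans a login audit trail and flags any account that collects "dozens" of failed logins in a short span. The log line format, the threshold of 24 failures and the 10-minute window are assumptions made for the example, and the sample trail is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"  # assumed timestamp format of the audit trail

def parse_event(line):
    """Return (timestamp, user, result), or None if the line is malformed."""
    parts = line.split()
    if len(parts) < 3:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    try:
        ts = datetime.strptime(parts[0], TS_FORMAT)
    except ValueError:
        return None
    if "user" not in fields or fields.get("result") not in ("OK", "FAIL"):
        return None
    return ts, fields["user"], fields["result"]

def failed_login_bursts(lines, threshold=24, window=timedelta(minutes=10)):
    """Map each account to the time it first hit `threshold` failures inside `window`.

    Lines must be in chronological order. Per-account counting only means
    something when every employee has a unique username.
    """
    recent = defaultdict(deque)  # account -> timestamps of recent failures
    alerts = {}
    for line in lines:
        event = parse_event(line)
        if event is None or event[2] != "FAIL":
            continue
        ts, user, _ = event
        failures = recent[user]
        failures.append(ts)
        while ts - failures[0] > window:  # drop failures older than the window
            failures.popleft()
        if len(failures) >= threshold and user not in alerts:
            alerts[user] = ts
    return alerts

def sample_audit_trail():
    """Constructed sample: 30 rapid failures for alice, ordinary activity for bob."""
    start = datetime(2024, 5, 1, 9, 0, 0)
    lines = [(start + timedelta(seconds=5 * i)).strftime(TS_FORMAT)
             + " user=alice result=FAIL" for i in range(30)]
    lines += ["not an audit line",
              "2024-05-01T09:05:00Z user=bob result=FAIL",
              "2024-05-01T09:30:00Z user=bob result=FAIL",
              "2024-05-01T12:00:10Z user=bob result=OK"]
    return lines

if __name__ == "__main__":
    for user, when in failed_login_bursts(sample_audit_trail()).items():
        print(f"ALERT {user}: burst of failed logins reached at {when}")
```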

Many companies are now adding email archive tools, which capture every message employees send and receive, even if an email is deleted from the inbox. These archiving tools get less expensive as more people sign up. They can keep messages for years, which you can reference and search through as needed for legal or regulatory requirements. (Consult with your legal counsel to determine whether you are required by law to archive emails to certain standards.)

3. Using two-factor authentication. Consider that your employees may be using the same passwords at work that they use on other websites. If those passwords get stolen by hackers, they could be used to log into your customer relationship management (CRM) software or your accounting system through the Internet. Installing one extra method of verifying your employees’ identities will thwart that effort.

At my company, employees need more than a username and a password when they log into corporate email or use our CRM. With two-factor authentication, a username and password are validated by the software application, then a second method of verifying the user’s identity is required. In our case, an app on our mobile phones displays a secure code that changes every 10 seconds; the employee must enter this code in order to log into our corporate databases.

There are many variations of two-step authentication. Your IT department or consultant can advise you on methods that will work best with your software.

BYOD and business security don’t have to be a challenge, no matter the size of your business. Establish a policy on the acceptable use of mobile devices, and make clear to employees the ways in which the company will secure corporate information if it resides on an employee’s tablet or smartphone.

There is much to gain from empowering employees to work from anywhere. With a little planning, you can make the experience both productive and secure.

Robby Hill is founder of HillSouth. He took his passion for website design and built a hybrid IT consultancy + website design firm at the age of 17 that now employs more than 20 people. His firm recently launched a healthcare IT practice that has propelled it to an incredible growth rate and statewide success. A version of this article first appeared on BusinessCollective.
