With more employees bringing in their own devices at work, how can companies protect themselves from a security breach?
Many organisations have Bring-Your-Own-Device (BYOD) policies in place as part of flexible work arrangements and to encourage more work-life balance.
But what may be great for your employee’s well-being may not be the same for your data security.
Experts warn that without proper security measures in place BYOD policies make a company’s IT infrastructure more vulnerable to data leakage and security breaches.
“There tends to be a trade-off between ease of access and the risk of a data security breach, whether through inadvertence or otherwise … when companies leverage off a BYOD policy,” commented Shaun Lee, supervising associate at JWS Asia Law Corporation.
“The most secure, and perhaps draconian, approach might be to ban all employees’ personal devices from connecting to the company’s servers and/or computers altogether.”
This would mean that employees won’t be able to access their email remotely and only pre-approved thumb drives or hard disks can be used for downloading and sharing information, he said.
However, the downside to this is that “companies may lose those productivity gains from employees having remote access to their documents and email whilst traveling or outside of office hours”.
Instead, the data privacy and cybersecurity expert suggested companies have a more graduated approach to preserve data security.
“For example, a company could require that employees who use their own devices to authenticate to a secure VPN to access company data. Certain applications and programmes also have the same ability to create a sandbox and to segregate personal and corporate data,” he said.
“Companies may also rely on enterprise level security controls over remote access to email on personal devices e.g. by requiring secure authentication methods and the ability to remotely wipe all data from the phone in the event that it is reported to be lost.”
But most importantly, Lee emphasised the need for companies to educate their employees on data security, saying that most security breaches at work are actually caused by human error and weak security practices.
“Apart from physical and technical solutions, user education is also very important,” he said.