How BYOD is transforming today’s businesses
Although we’ve been hearing a lot about the current Bring-your-own-device (BYOD) trend – along with it’s benefits and potential risks – many businesses are still not convinced on the importance of a BYOD strategy.
In a survey conducted by Fairfax Business Research for The Australian Financial Review (AFR), it found that out of 1090 companies sampled, ranging from 50-1000 employees, 68% still refuse employees’ laptops, 63% refuse tablets and 58% refuse phones to enter their workplaces.
Moreover, those advocating BYOD are most likely from large companies with 1000+ employees, whilst medium-sized organisations of 500-999 employees more likely to allow, but not encourage, the policy.
This is truly unfortunate considering most Australians have become so dependent on our devices whether it be for social or work interaction. Just take a look at the results of a survey conducted by Ernst and Young (EY) which documented the digital consumption and behaviours of Australians. They found that:
1. Australians are more likely to use a smartphone than a laptop, and more likely to use a laptop than a desktop.
2. Of those who go online for work or business purposes, 43% do so on their smartphone.
3. 93% personally own their smartphone, and just 7% have it supplied by their employer.
4. 25% of regional Australians said smartphones and tablets made them more productive at work, compared to 36% of metropolitan residents.
Refusing to allow the use of personal devices for work is not only counter-productive but can be risky as well. Telsyte analyst, Shayum Rahim, revealed to the Australian Financial Review that they were able to record a high percentage of businesses which do not allow BYOD but are saying their employees just did it anyway.
The reasons commonly raised why some refuse to embrace BYOD range from the obvious security risks, shadow IT, additional overhead/expense, not enough time to plan, and so on.
What these companies fail to see are the benefits that BYOD bring to the organisation, including reduced expenditure for devices and – more importantly – increased employee flexibility/mobility and satisfaction. There are companies who are in fact using BYOD to attract and retain new employees.
There are ways to ensure a successful BYOD adoption like:
- Requiring a device registration. Every device that is brought into the workplace need to be registered. Take note of the following: device type, carrier (if applicable), MAC address, and user. This way you can track down users who are abusing your BYOD policy. Use the MAC addresses of devices to block offending users and employees who left the company from using your network.
- Imposing a strong password policy across the board. No exceptions. Also, make sure you require regular password changes.
- Limiting supported platforms. Decide which platforms (e.g. Windows, Linux, OS X, iOS, Android) you plan on supporting. You can’t embrace them all. Make this list known to the end users and stick to your policy. If users bring in unsupported platforms, do not allow them on your network.
- Expanding and improving your infrastructure. Expect network traffic to increase. This will take up more bandwidth. You will need a more powerful, enterprise-grade wireless routers to support these new devices. Make sure you’re using equipment that can handle the load to avoid dealing with a bottleneck on the network.
- Tightening up network security. The Windows Firewall is not enough. You need to deploy an actual, dedicated device or hardware-based firewall to handle network security. Also, make sure all domain admin passwords are strong and that all security patches are applied to servers.
- Making use of the cloud. Instead of allowing your remote users to access your company infrastructure, you can create an isolated cloud (e.g. Google Docs, Dropbox) so it’s easy for them to access the files they need to work on outside of the LAN.
- Running regular network auditing. You just need to know what’s on your network. Before implementing your BYOD policy, do a full audit on your network to account for every device on site. This will help you easily identify new devices that are trying to connect to your network, and identify which might be causing an issue.
- Defining accepted applications. Expect to deal with a plethora of mobile applications – from social networking tools, to games, to chatting. You need to define the type and names of applications that you will support and/or allow on your network. Make this list known to everyone.
- Implementing an antivirus/anti-malware policy. Don’t allow your users to use their own antivirus. A company-approved antivirus solution is necessary if you want full control over their devices. Any malicious files/activity detected must be reported to your IT immediately.
- Mandating encryption. Users must use some form of encryption if they are going to share data from outside your secured LAN. This could mean any application that stores data on the device will require its own password to gain access to that data (that’s on top of the device password). Additionally, if users are storing passwords on the device, those must be protected under a layer of encryption.
- Requiring everyone to sign the BYOD policy. You need to let your employees know that you are serious and they will be held liable for any wrongdoing. The policy should also give you the power to wipe/reset their phone if it’s lost or stolen. Make an effort to explain to them every rule thoroughly.
- Educating employees. Everyone should understand the risks involved with BYOD. They need to know how important it is to keep the anti-virus and anti-malware up to date. To be aware of the risks of sharing critical information to outsiders and risks of using their devices on unsecured networks.
It’s true that BYOD is a big challenge for a business. But it’s a challenge which can be conquered. All you need is well-developed BYOD policy, supported by the right vendor partner.
If you have questions about BYOD or you have issues with your existing policy, feel free to contact us.