Guest author: Mike Johnson, Director UC Architectures & Solutions
Before hastily implementing a BYOD policy, companies need to assess the full scope of risks that come with using mobile devices for work, says a new report from a leading cybersecurity organization.
According to the Information Security Forum, businesses that push BYOD too quickly often neglect or ignore risk management, which can have disastrous consequences. However, current estimates show that somewhere between 60-80% of organizations don’t have BYOD policies in place today–so what should these organizations do?
The first option is to hold off on BYOD. But is this really an option? Organizations that follow this path would soon realize they are hampering their workforce productivity, so another option would be to simply allow for e-mail delivery through Active-Sync and to require a PIN and email wipe, at the bare minimum. Companies can then take their time to thoroughly assess the risks involved in a more robust BYOD policy, develop a comprehensive policy and make an informed decision about how best to track and possibly restrict company information on personal devices. This approach ensures that when the BYOD strategy is put in place, it most likely has accounted for all major risk factors.
The final alternative is to quickly create a BYOD policy and start tracking devices using more robust features, but still keeping it simple. This line of thinking sees that employees are already using mobile devices for work, so the IT department that currently operates without a BYOD plan needs to get one in place as soon as possible, even if it initially ignores a few security holes.
Perhaps we can have it both ways? Should organizations adopt BYOD quickly and then phase in more robust features/functions and security? Or is this hype, and effective BYOD strategies simply require time to develop?