- Category: August 2013 - Data Protection & Security
The 15-page "BYOD Survival Guide", published by Acronis this year, provides five tips for data security in the world of BYOD. Here‘s a summary for your convenience.
Personal mobile devices have infiltrated organizations all over the world, enabling everyone to work from everywhere. It is safe to say that BYOD (bring your own device) is real, and it is here to stay.
The flip-side to BYOD is data protection, and ensuring that as employees bring devices to-and-from the workplace, confidential corporate data is adequately protected while remaining easily accessible.
An important component of data protection, often not addressed by BYOD strategies, includes ensuring that information and records comply with privacy laws like the Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley (SOX), as well as specific industry and regional privacy regulations.
Gartner predicts that by 2017 half of all companies will actually “require” employees to use their own mobile devices for work. Still, on the other end of the spectrum, 31% of businesses strictly forbid the use of personally-owned devices to access corporate networks. However, this is not realistically sustainable and will force employees to work around corporate policies and rules – which is simply a bad solution
Here are Acronis‘ Tips for keeping data safe in spite of BYOD:
1. Create a mobile device security policy
Creating a mobile device security policy doesn’t have to be complicated, but it needs to encompass devices, data and files. There are a number of simple things you can do, like require users to key-lock their devices with password protection.
Surprisingly, only 31% of businesses are enforcing this. 68 % use VPN or secure gateway connections across networks and systems, and 52 % use Active Directory and/or LDAP. The simplest place to start is to use device key-lock and password protection. Whether you opt for VPN security, key locks, Active Directory Monitoring or endpoint security, the choice is yours. But it is time to make a policy — and stand by it.
Part of creating and enforcing an effective mobile device security policy is accounting for personally-owned devices entering and leaving the workplace, a movement called take-your-own-device (TYOD). If not properly managed through processes like remote wipe, TYOD could cause major data leakage. Only 21% of businesses perform remote device wipe when employees leave the organization.
2. Stop making exceptions to your policy
We all know that rules are not meant to be broken, so why aren’t businesses taking their own mobile device policies seriously?
41% do have a BYOD policy in place, but nearly 25% make exceptions to policy rules. Worse, these exceptions apply to executives. Get it? Those with access to presumably the most sensitive data in the organization are allowed to break the rules. Does your CEO know that his tablet could crush his business?
3. Make “SAFE BYOD” everyone’s responsibility
80 % of businesses have not trained employees to understand BYOD privacy risks. Some companies allow employees to bring smartphones, tablets and even their own Macs into the office, since it improves productivity and increases collaboration and sharing, and some others completely forbid BYOD. Either way, a little bit of education can go a long way. If employees understand the privacy risks involved with BYOD, maybe data would be a little bit safer and there would be more openness for BYOD.
4. Prepare for the coming of Apple
65% of businesses will support Macs in the next 10 months and 75% in the next two years. Nowadays, people rarely leave home without their iPhone and iPad — some even with their Mac laptop. This means Apple devices are inundating the workplace: You can run from Apple integration, but you definitely cannot hide. If you fall off the bandwagon — or never get on it in the first place — you run the risk of driving away a desirable pool of employees, not to mention, you could miss out on exciting new technology and applications. The 57% of businesses that state compatibility and interoperability issues as roadblocks to Apple integration no longer have a valid argument — there are solutions out there to help solve these challenges.
5. Don’t underestimate the dangers of public clouds
When it comes to data protection, you have to worry about more than just devices. Everyone, at some point, has been guilty of saving corporate presentations or other files and documents in free public clouds, like Dropbox and Google Drive. It’s convenient instant access, right?
True, but public clouds are not secure, plus, public cloud application environments are often incompatible, causing business processes to become disjointed and employee productivity to slow down. IT departments are well aware of the threats associated with using public cloud environments, so why aren’t they mandating policies around bring-your-own-cloud (BYOC)? 67% of businesses do not have a policy in place that specifies sharing corporate files in a public cloud. Make sure you are not one of them. (Source: www.acronis.com)