There are many benefits for an institution that applies a BYOD system. Reduced costs, better use of the device’s capabilities, quick use and a shorter implementation. But letting users bring their own devices makes an IT department lose its iron grip of the security and data gathering department, since they won’t have control over it anymore, opening the doors for security breaches and lack of behavioral reports.
While the most common answer to managing device security would be to limit internet usage by blocking ports and certain websites, this trend is not recommended by experts. According to TechRepublic, blocking sites like social media or video websites lowers the morale of the team, making them feel controlled while also wasting the opportunities given by these sites. Imagine having a company that requires communication with users but Facebook is blocked. Sounds like a recipe for disaster.
Without control over the network or Internet usage, each device brought into an institution poses a threat for the data that is being handled. According to a study by HP, 97% of employee devices contained privacy issues, making it easier for data to be stolen if it is not encrypted or properly secured.
That is one of the biggest risks when handling BYOD mobile device management. And you probably know why. Not being able to monitor what went wrong, or why or how until after the damage is done. If a student or employee falls victim to data theft, phishing or a straight out attack there is no way to track it if it was done on their personal computer or laptop.
The best way to keep all devices in the same line, experts say, is to implement a training program to teach the entire team how to use the internet properly. Showing the risks of piracy and how most threats are invisible to untrained eyes (and Antivirus), and explain how malware and phishing methods are distributed over social media. Thus, users will not only be on the lookout for potential threats, but they will also be able to identify if they’ve fallen victim of one of these methods, making it easier to prevent massive theft.
Another method is to run regular checks to the devices being used. If the IT department regularly checks cellphones, laptops and other smart devices for threats, they’ll not only be able to see if there are breaches in the device, but to also implement data encryption to make it harder to steal data from them.
It is very easy to just explain this with words; but there is a catch. Analyzing a device that is brought from outside the office would need special permission from the owner, a right that is even protected by law in certain countries, so it isn’t absolute. If an employee doesn’t want to have his phone checked, he has all the right to deny permission.