As more companies transition to an environment where employees are permitted to use their own personal mobile devices, maintaining the security of company networks has become more challenging than ever. While BYOD offers several benefits, including reduced costs and increased productivity, it still creates some risks.
Unfortunately, though, many businesses are not adequately educating their employees about the dangers of the BYOD environment, creating situations in which employees may inadvertently put their employer’s network and data at risk. Most employees do not want to be the cause of a serious security breach, so it’s important for IT security departments to clearly communicate the company’s mobile device management policy to prevent future problems.
And while many IT professionals are exceptionally skilled at their jobs, and do an excellent job managing their firms’ internet and network security operations, they may struggle when it comes to explaining how technical concepts and security measures work to those who do not share their background. Important information has the potential for getting lost in translation, and employees who may not completely understand their employers’ policies, prohibitions and expectations could make mistakes.
For that reason, it’s important for IT professionals to follow some important principles of effective communication when they present BYOD and mobile security polices to employees. Taking the time to ensure that everyone understands their role in keeping the company network safe will save everyone time and money in the future – and prevent the potentially serious consequences of a data breach.
1. Provide a Means for Feedback – and a Person to Talk to.
A recent survey of more than 400 North American workers indicated some startling facts about BYOD polices and what employees know about them. Almost half of the respondents noted that their company’s IT department has not spoken with them about MDM, and 56 percent the respondents indicated that they did not know who to talk to if a mobile device they use for work is lost or stolen. Other studies indicate that many workers are hesitant to contact their IT department, for a range of reasons including everything from feeling intimidated by their own lack of technical knowledge to simple embarrassment or fear.
Organizations with successful BYOD policies make it a priority to include employees in conversations about the policies, and open the lines of communication between employees and IT departments. When employees know who they can call if they have a question or a problem, and have been involved with the development of the policy from the start, the level of understanding increases.
2. Clearly Outline What is Expected of Employees – and the Level of IT Involvement.
In the same study mentioned previously, while 28 percent of the participants knew that their employer could remotely wipe their devices – in other words, remove all of the data contained on the device in the event of a security breach – more than half of the respondents didn’t know, or didn’t understand, that this was possible.
When you’re communicating your BYOD policy, it’s important that you explain, in non-technical terms, exactly how employees can use their devices, what type of activities (such as downloading apps from unknown sources) are prohibited, and what IT can and will do to keep the organization’s networks safe. If you are using an outside vendor, explain how the solution works in easily understood terms, taking care to clarify exactly what employees can expect. It’s important to also specify exactly what IT will and will not handle when it comes to problems with the device; employees should understand when to contact IT and when they need to contact their carriers.
3. Inform Employees that They Still Have Some Freedom – to a Point.
One of the problems that often crops up in a BYOD environment is a lack of understanding by employees about how much control they still have over their devices – and how much IT will actually have access to their personal data. When communicating the BYOD policy, it’s important to stress that trust goes both ways, and clearly outline how much access the organization will have to private files and under what circumstances they will be accessed. Doing so gives employees peace of mind, while also warning them of the consequences of failing to comply with company policy.
When it comes to BYOD and mobile device security, communication can go a long way to preventing serious security breaches as well as misunderstandings. IT departments need to take the time to create clear messages and answer questions – as well as keep the lines of communication open – to allow the company to reap the full benefits of employees using personal mobile devices.
About the Author: Karen Warner is an author, speaker and IT security consultant. She often is hired to speak to businesses about the potential pitfalls commonly associated with BYOD initiatives and security concerns. During her presentations, she references using software like Trend Micro to handle these situations. She believes her most valuable advice is that education is the true key to protection. Karen makes her home in Chicago.