In his recent Forbes article, Adam Levin made a good argument for the danger of BYOD, and for the steps enterprises should take if they do allow BYOD. He points out that employees do use devices and computers at home, often on insecure networks and weak routers. Levin emphasizes that enterprises should require and verify that home networks use secure routers with up-to-date firmware, and that home equipment should be just as secure as the network at work. In general, a lot of solutions forget that it’s not only tablets and smartphones that enterprises need to worry about. Laptops are mobile devices too, and if employees are using home computers and home networks, those should be secured as well.
I think the best overall approach to data security is education, containment, verification and respect. I do agree that it is imperative that enterprises secure their data; the expense of not doing so far outweighs the costs of security implementation. While I do believe this should reach even into the employees’ home network, I think that educating the employees on how important this is, and what the disastrous results could be if this is not followed, is as critical as the implementation itself. Furthermore, I think respecting the employees’ privacy is the number one way to ensure their commitment to protect this data. Employees will be a lot more likely to follow through with the invasion of their own devices if the corporate data is in a separate container, and the personal part of the device is left alone. With all the device and data management options out there, there is no excuse to have to wipe all the data off of an employee’s device; only the corporate data should be wiped.
So, to add to Levin’s points:
1. Have a corporate Data Policy which includes all technology used to access corporate data, whether this is a smartphone or an employee’s home network.
2. Discuss the above policy with employees to help them understand the importance of keeping corporate data safe, and outline how you will keep the employees’ data private.
3. Make it easy for employees to implement security software.
There are so many data management options out there – choose one that allows comprehensive control and preserves the privacy and integrity of employees’ own data if the device needs to be wiped.