Don’t let BYOD open the door to cyber criminals at your small business

Among the key issues identified by attendees at the recent UC Summit 2015 was the growing need for mobility. Mobile devices, apps and cloud computing enable employees to boost productivity by accessing critical company information wherever they are – working remotely at a customer site, on the road or at home. Employees even can launch a web or video conference to confer with a colleague or customer from a mobile device, using a headset to ensure audio clarity.

In support of mobility, more and more businesses large and small are allowing Bring Your Own Device (BYOD) whereby employees can use preferred personal smartphones, tablets and laptops for work. A consumer security risks study by international software security group Kaspersky Lab indicates that two-thirds (62 percent) of business owners and employees now use personal mobile devices for work.

However, steps to protect company data, which includes sensitive customer information, have not kept pace with the growing acceptance of BYOD, the Kaspersky study found. Among respondents, 92 percent say they keep sensitive corporate data on smartphones and tablets that they use for work and personal activities. Furthermore, although six in ten (60 percent) are concerned about the threat of surveillance and information theft via mobile devices, they do not actively protect themselves and rely on their employers to do so.

At the same time that employees are not taking necessary precautions to protect company data; employees aren’t doing as much as they should. Kaspersky found that a third of employers and small business owners (32 percent) see no threat from their workforce using personal mobile devices for work. Small business owners are satisfied with the security tools offered by free solutions. Large companies are more concerned about employee losing a mobile devices, which could result in damage to the company.

Need for a BYOD policy

As InHomeland Security.com points out mobile devices are just as vulnerable to network threats as desktop computers. Hackers can get into a small business network by taking advantage of flaws in mobile operating systems or software operating on local or mobile networks to install malware on a device. A hacker also can grab unencrypted data sent across an unsecured public WiFi hotspot in a coffee shop or airport.

For these reasons, you want to have a mobile device protection plan that includes BYOD policies to protect your small business data. A BYOD policy  at a minimum should:

Specify device requirements: A BYOD policy should include what devices are acceptable for work use – Android, iOS, Blackberry, etc. It also should indicate how your IT department will support employee-owned devices.

Manage Apps: Set guidelines on what types of apps can reside on personal mobile devices that are used to access company data; some should be blocked from use during the work day. In the long run, it’s best to use cloud-based apps. There is less of a risk of data leaks, when data is stored in the cloud. Also make sure employees know not to use their work apps for personal use.

Ensure password control: Require passwords and ensure they are sufficiently complex and not simply a 4-digit numerical PIN. A strong password should include numbers, symbols and a mix of capital and lower case letters. A BYOD policy also should specify points in time or intervals when users need to change their passwords.

Require MDM software: Have employees install Mobile Device Management (MDM) software to protect data in the event a device is stolen. With MDM software, you can destroy any company data residing on the device and leave personal data.

Don’t let BYOD leave your business open to hackers. Put the right policies in place and train your team to be vigilant about protecting your small business data at all times.

About Judi Hembrough

Judi leads Americas Marketing strategy and go-to-market programs for the Small and Medium Business (SMB) customer segment at Plantronics. Judi has been a marketing director at Plantronics for 10 years in various roles focused on Strategic Alliances Marketing, SMB and Home & Home Office solutions. Prior to Plantronics, Judi was President of William-Christie Associates, Inc. -- a management consulting practice, for 10 years where she guided numerous companies such as Palm, Intuit, CBS MarketWatch and HID, in driving new initiatives.