Coined by Intel in 2009 when their employees insisted on bringing their personal devices to work, the term “BYOD” (bring your own device) didn’t come into full prominence until the year 2012 as other corporations also began to recognize the benefits. Not only did BYOD allow employees to further customize their work experience, it also saved employers a great deal of money and hassle when it came to device procurement and upkeep. It seemed like a win-win for both parties.
Unfortunately, in our current Hackable Age, BYOD may no longer be the convenience that it once was. At least not for business owners. You now face a slightly more complicated decision of “how do I decide where my sensitive data is allowed to live?”
With a new hack or software exploitation in our newsfeeds seemingly every time we look, businesses have been forced to adapt and strengthen their corporate security protocols at an alarming rate. Proper security is no longer the stuff of Sticky Note passwords and Windows Defender scans as even the most vigilant of employees can fall prey to a well-executed phishing scam or a seemingly innocuous downloadable. You would be surprised at how many still believe that their mobile devices are “immune” to the vulnerabilities intrinsic to full-sized computers. Mobile devices are more restrictive, sure, but they can still leave you open to the worst types of attacks.
With that in mind, let’s talk more about the implications of BYOD.
As mentioned before, there are particular advantages in allowing your employees to use their personal devices at work—convenience, customization, and employer savings to name a few. However, by allowing your employees to BYOD and connect directly to your company’s network, you are allowing potentially critical data to be housed on un-vetted mobile devices with limited user accountability. You may have little to no say about security updates or software requirements, and you often have limited insight into how users access or share your data.
Admittedly, the above are worst-case scenarios—hopefully not all of your employees will be as laissez-faire with your company’s data (but it only takes one to cause irreparable damage). Moreover, there are certain protocols, training courses, and device management and security software that you can require your employees to complete or download if they insist on working off of their personal devices. But, in the end, BYOD places your digital assets into a roulette wheel of security or lack thereof. All the technology in the world cannot fully rid your defenses of good-intentioned, but misguided human behavior.
Your next best course of action is to mitigate that human error as best you can. So, let’s talk about our options beyond BYOD.
It may sound expensive and old-fashioned to issue your employees “business” phones and laptops, but the reemerging COPE (Corporately-owned, personally-enabled) movement may just be your next step towards a more robust security strategy.
Unlike BYOD, COPE grants employers more control over the kinds of devices permitted to access their networks while still allowing generous levels of user customization.
Much like with their personal phones, employees can use their COPE devices to access social media, send personal emails, and download music, etc. However, pre-installed mobile device management and application controls at the same time prevent sensitive company information from being accessible outside of set parameters. Employers and IT leaders can blacklist particular applications and even prevent connections to public WiFi. Not only that, when an employee quits their job, the IT department can wipe the device clean of any residual data–remotely if necessary.
Without implementing literal security checkpoints (which we have done for our sensitive warehouses), there is little you can do to prevent employees from bringing their personal devices to the workplace, you can certainly limit—even completely deny—their access to your networks unless done so through their pre-sanctioned devices.
COPE places more control back in your hands while removing the avenues of error from your employees.
But, just like any story, there are two sides to this coin.
COPE heightens a company’s need for device hardware procurement, upgrade schedules, repair resources, and additional call centers (among other inconveniences). These services in turn require auxiliary money to sustain them and demand extra manpower to run them. Is the added security worth the amount of additional strain on your budget and existing workforces?
The answer to this will, of course, be dependent on your particular situation and on the projections and growth of your company. You may lack the current funds and resources to procure COPE devices for all of your employees, so you may need to stick with BYOD for the time being. Or, maybe you have adequate funds to purchase and maintain all COPE devices but you lack the manpower (or desire) to run the logistical nightmare of such an endeavor.
Either way, we understand your predicament.
If you ultimately believe that BYOD is no longer the best answer to your security concerns, but you are still reticent to make the switch to COPE, it may be time to look into DaaS (Device as a service) options. In short, you can enjoy the added security benefits of COPE devices, but you get to bypass the logistics of equipping, maintaining, and upgrading your employees’ devices.
To recap, the savings and convenience of BYOD struggle to outweigh the security risks of ungoverned device usage and human error. COPE, in turn, is often the safest answer for most corporations, although it tends to be initially more expensive if you choose to support devices fully in-house.
Still unsure which model best suits your needs? Weigh the setbacks. Consider the ramifications. Calculate the benefits of each. And then answer the question: how much is your data worth to you?