In a world where mobile devices outnumber people, the trend toward people using their own smartphones and tablets for business purposes is inescapable.
Which is why Bring-Your-Own-Device (BYOD) programs and policies have become commonplace in the business world. In fact, North America is leading this global movement. Per a survey by the B2B research firm MarketandMarkets, more than a third (36%) of North American companies had adopted BYOD programs in some form at the start of this year, with the adoption rate predicted to climb to 50% by early 2018.
Of course, this phenomenon means something else is rising, too: Mobile security risk.
Consider the issue of mobile apps. Take a moment, grab your own smartphone, open the app store and check how many updates to mobile apps are pending. On any given day, odds are six to a dozen are waiting for you to launch an update. And when you do, many apps automatically harvest and upload all phone numbers and email addresses from your contacts.
Yes, some do ask for your permission to proceed. But why would you refuse? After all, the app is gathering this information for your convenience. Do you really want to review every update and upload? Wouldn’t this process drain the integrated personal/professional productivity a BYOD policy is supposed to enable?
So, with all this data moving through the ether, increasing cyber-risk seems inevitable. That’s why Computerworld columnist Evan Schuman believes your company’s BYOD practices should be protecting business and personal data.
“Here’s the uncomfortable truth,” Schuman writes in a recent article. “As long as you permit your corporate apps and data to coexist on the same device as personal apps and data, you have an obligation to police both.”
The simplest, best way to do so, he argues, is offer basic penetration testing for your employees’ personal devices on a regular basis. He concedes that “doing pen testing on every consumer app any employee uses is a massive task,” but he also believes it’s a chore your workers will appreciate. Plus, this approach recognizes the reality of the BYOD world: Any risk to your employees’ personal data presents a risk to your company’s proprietary data.
Indeed, all that additional IT labor could be expensive. But probably not as costly as a data breach. Per the latest report by the Ponemon Institute, the average per-record cost of a data breach for organizations worldwide is $141. A relatively modest breach of 1000 records puts the incident’s expense well into six figures.
Furthermore, involving your firm in the management of personal devices increases the return on your technology investments by extending and enhancing your IT team. Mobile users are on the figurative frontlines of today’s cybersecurity wars and should be included in this virtual battle along with their personal devices.
Still, no matter how large your internal IT staff, it’s apt to need some help checking all those apps. That’s why more and more IT Managed Services Providers (MSPs) are specializing in mobility management for businesses of all shapes and sizes. For tips finding a good one, see our post “How to Recognize a Good Mobility Managed Service Provider.”