Consider BYOD risks before implementation, report warns

Consider BYOD risks before implementation, report warns

The possible benefits that can arise from having an effective bring your own device (BYOD) policy have been well documented, with many experts suggesting that it is great way to not only reduce spending, but also to increase productivity by allowing employees to work flexibly.

But a new report, published by the Information Security Forum (ISF), has warned that business managers must ensure they are aware of the risks that come with such a practice, and address those concerns appropriately.

It claims that firms that insist on pushing ahead with BYOD too quickly, are often guilty of neglecting risk assessment and management, subjecting them to both unknown and unnecessary risks.

ISF chief executive Michael de Crespigny said in a statement: "The use of personal devices to store and process sensitive information continues to rapidly affect the way we do business.

"At the same time, it means organisations are easily exposed to new and more complex threats from stolen, lost or destroyed data, malware and other attacks if the device is not securely used and protected."

He added that ensuring the right measures are taken now would allow firms to enjoy the full benefits that come with a BYOD approach, without having to worry about security being compromised.

Another big point underlined by the organisation is the importance of having a BYOD policy once it is adopted, as this heightens levels of security even further, as it reduces any risk of information leaking out of any company device.

Despite the importance of a BYOD policy being well-known to many experts, there are still an estimated 60 to 80 per cent of companies that do not have such guidelines.

It is generally believed that any mobile device management (MDM) program, no matter how weak on risk assessment, is still better than having nothing at all.

Caleb Barlow, an application, data and mobile security director for IBM, told ISF: "There isn't an option for companies not to have a mobile strategy."