Local authorities lack BYOD policies, risking leaks

Local authorities lack BYOD policies, risking leaks [Image: Peopleimages via iStock]

The importance of having an official policy around bring your own device (BYOD) in workplaces has been highlighted by the problems faced by local authorities in the UK.

New research conducted by Annodata, compiled after issuing freedom of information requests to 79 local authorities across all regions in England, has shown that just 42 per cent of councils actually have a policy in place.

This poses a threat to the organisations and the people they deal with. Annodata explained that without an enforceable plan in place, these organisations may be exposing themselves to the risk of data leakage. This means that any benefits that might have been experienced from BYOD will be lessened.

The benefits of BYOD

Most organisations – local councils and enterprises alike – will understand the advantages of allowing their workforce to use their own devices to carry out work duties.

BYOD allows workers to carry out tasks while they’re away from the office, but through official channels. For example, they can check their email on the train to work in the morning and prioritise what should be done that day.

It also gives businesses the chance to allow their workers some flexibility, which can often lead to improved productivity. Employees are able to take their own tablets on business trips or work from home on their own laptops, which can boost their job satisfaction in many cases.

There are also the obvious cost benefits. If your staff members are using their own devices, companies don’t have to splash out on buying them. There is also no need to fund any training programmes for anyone since they are already familiar with their own devices.

Familiarity also leads to faster output, since workers don’t have to get used to any new systems. They can work the way that they feel most comfortable.

Risks of BYOD

Although BYOD can offer real advantages to companies, there are risks if the policy is not managed properly.

The biggest threat is the leaking of sensitive information, particularly when relating to customers’ details. In the sort of connected world we live in now, the potential for hacks and data breaches is always increasing.

BYOD means that companies often lose visibility and control of the data that is being transferred, stored and processed on a personal device. What a worker chooses to keep on their smartphone is generally up to them.

The potential for devices to be lost or stolen also presents a risk. Employees may try to be as careful as possible but if they no longer have control of their device, there is the very real risk of it falling into the wrong hands, who can then access very sensitive information, particularly in the case of the public sector, where citizens’ personal details might be stored.

Some devices have also been compromised by their owners, often unknowingly. This is generally the case when smartphones have been rooted or jailbroken, which presents more risk. It makes it easier for hackers to access devices and malware becomes more of a threat to these devices.

These are all risks to businesses with employees using their own devices, unless there is an efficient BYOD policy, which can give companies back control.

Public sector BYOD

Joe Doyle, marketing director at Annodata explained: “BYOD can bring clear benefits in the form of greater flexibility and increased productivity. However, any gains to be had from BYOD will be null and void if there is not a clear policy to accompany this.

“The risk of not giving BYOD appropriate consideration can result in companies being left exposed to an increased risk of data leakage, whilst also making it difficult to determine which devices are accessing which systems and data.”

He said that employees will continue to want to use their own devices, adding that his company’s experience leads him to believe that this will be the case, “with or without a standard”. He highlighted the importance of having BYOD policy in place, saying that it grants organisations greater visibility and control.

Mr Doyle went on to say that the public sector in particular has to approach BYOD with due diligence and that special emphasis needs to be placed on security when employees are using their own devices to access an organisation’s data.

However, he explained that this presents an ideal opportunity for local authorities and other public sector organisations to revise their approach to existing IT policies and how data is managed.

In doing so, these organisations can minimise the risks associated with BYOD and enable hugely significant benefits, including increased productivity and efficiency, to be attained.

It’s important to have the right mobile device management and mobile data management policies in place for councils and other bodies to fully and securely embrace BYOD.