Educating employees about risks key to successful BYOD

The best way to ensure that your bring-your-own-device (BYOD) strategy is secure is to educate employees about the risks of data breaches and how their behaviour can affect the overall infrastructure.

That is the verdict of a panel of IT and legal experts at the recent London SC Congress 2014.

According to an article in Computer Weekly, too many firms implementing BYOD focus too heavily on the technology itself, which can leave a company's system vulnerable.

Rick Doten, chief information security officer at the enterprise mobility firm DMI, was quoted by Computer Weekly as saying: "Any enterprise cannot apply appropriate controls before it understands how employees are using mobile technology and it does a risk assessment to ascertain if there are any privacy issues."

One of the greatest threats commonly cited by experts in relation to a BYOD policy is that data is often put at risk when employees misunderstand the implications of using their devices inappropriately outside the office.

This can include downloading games riddled with malware, visiting contaminated websites or leaving sensitive data stored on public cloud systems.

Although companies can potentially get around this issue by ensuring they have visibility into the activities of workers using such devices, there is an increasingly prominent view among experts that educating employees is the best way to ensure that data is kept safe.

Paul Swarbrick, global chief information security officer at legal firm Norton Rose Fulbright, was quoted by Computer Weekly as saying: "The biggest danger of BYOD is not understanding the risks.

"Security should not be about the technology; it should be about the data and protecting that data wherever it is used, and about educating employees to access data securely."

Those present on the panel at the London SC Congress concluded that all technology solutions adopted by an organisation need to meet its needs, and that data protection on mobile devices should match that applied to the rest of the enterprise.