By now CIOs are well aware that employees want to use their mobile devices at work and will most likely find ways to connect their machines to work systems.
The unfortunate by-product of the fast growing bring-your-own-device trend, according to lawyer and intellectual property expert Arvind Dixit, is the inadvertent exposure of organizations to security risks and legal liabilities.
Dixit outline some issues that companies need to consider:
BYOD policies – In order to minimize legal risks, companies need a detailed BYOD policy that spells out to employees, managers and executives the terms of the program. A BYOD policy will clarify how the program will operate and allocate risks between the organizations, workers and third parties. The BYOD policy sits alongside the company’s employment policy as the firm’s existing “acceptable use” policies.
Everyone should be required to actively accept the terms of the policy before given the privilege to connect external devices to the firm’s IT systems.
Liability issues – Organizations need to determine how they will allocate liabilities between their employees or BYOD users.
For instance, who will take responsibility for lost or stolen devices? Who is responsible for malware and virus attacks associated with employee devices?
Support for devices is another issue that can be controversial. Most employers want to limit their support for BYOD devices to providing connection to the company network. On the hand, employees expect to get support such as technical and security support from the employer.
Licensing and insurance – Dixit said most company BYOD programs fail in the area of determining that the scope of its software licenses are sufficient to cover the program. Business need to make sure that existing software licensing agreement will be able to adequately cover the needs of its BYOD workers and program.
Organizations also need to take into account how this will affect the employees’ need and rights to use applications and software that they have downloaded outside of their work, for work purpose.
Data security and confidentiality – Data security and confidentiality issues are probably the biggest hurdles for companies contemplating BYOD.
For example, the loss of devices that hold sensitive information has resulted in major legal and public relations debacles for many high-profile private and government organizations.
Companies need to investigate the appropriate technologies that can help them prevent data breaches and mitigate the risks.
Dixit suggests looking into sandboxing strategies so that organizational data in isolated and kept in a particular segment of the mobile device specially allocated for professional apps and information.
Another useful technology is remote wiping tools that enable administrators to lock down or wipe clean devices that may have been stolen or lost.
Some companies claim the right to track their workers’ online activities when they are using company-owned devices.