Caution: Companies That Allow Bring Your Own Device (BYOD) or Telecommuting Run the Risk of a Data Breach
Companies have solid reasons for embracing Bring Your Own Device (BYOD) and allowing for telecommuting so personnel can work from home or on the road, but they increase the risk of data breaches for the company.
Two policies are currently in favor with hundreds of thousands of businesses across the United States and the globe. While companies have solid reasons for embracing Bring Your Own Device (BYOD) and allowing for telecommuting so personnel can work from home or on the road, they increase the risk of data breaches for the company.
What’s the Problem?
There are two closely related problems – the first has to do with the concept of BYOD. Thefirst reason companies choose to allow this is that it allows their staff to have the most up-to-date technology without having to acquire advanced technology themselves. The second is telecommuting. Workers that telecommute only need an internet connection to log into their workplace computer systems.
By the Numbers
So, let’s look at some numbers concerning both problems. An article published in Great Britain discusses a survey of 500 companies in the UK and Germany. Among their findings:
- 44% of organizations had a member of senior management lose a mobile device; and
- 39% had a member of their executive team report a stolen device
- 54% of survey respondents noted that a non-senior management employee lost a device and 49% said a device that was stolen
- 93% of these devices contained work-related data
- 49% had work-related emails on them
- 38% had confidential data or files
- 24% contained customer data
- 15% had company financial information
Results of similar surveys in North America, Europe, and the Pacific Rim all returned similar results.
Well, that’s interesting, but what are the implications?
Many of these devices when lost or stolen have passwords stored without any protection. This means thieves have easy access to your company data. Lost or stolen devices often have personal identifying information, personal financial information, or personal health information on them. If this data, or other data such as customer lists or proprietary information is breached, companies can see lossesin the tens of millions of dollars.
- 48% of companies reported they are unable to keep track of what data leaves the office and who is taking it off premise
- 54% agree that data can be safeguarded more securely
- 67% of responding companies acknowledged they know that employees break the rules concerning removing data from the workplace but have not yet addressed the issue
What Makes This Such a Big Problem?
Breaches are very expensive.
- Your company reputation will suffer if your data is compromised. This is especially the case if customer/client/patient information is breached. It is probable that your company will lose business directly because of the breach and finding new business may become harder as well.
- Most companies pay for identity theft monitoring and restoration for one year following a breach – this is an additional cost to the business and depending on the size of the breach can be very costly.
- In many instances of data breaches, affected customers or business partners sue or join a class action suit against the company that was breached. Defense, settlements or jury awards is also a new expense.
- Fines are often levied against companies that have preventable breaches and they can be in the millions of dollars – many small or medium-sized businesses can be driven to bankruptcy by these fines.
What You Can Do to Protect Your Data
Some measures help mitigate or eliminate threats. These include:
- Make sure your data is securely stored and require two-factor authorization for access to your system
- Install remote wiping applications on devices used by employees for remote or BYOD work
- Perform routine penetration tests so your company can identify potential security flaws