Facebook Twitter LinkedIn Google Plus RSS

WHY B.Y.O.D. is B.A.D. Bring Your Own Device policies may sound great, but they can bring a host of security breach issues

By ,

Companies increasingly are adopting B.Y.O.D. policies — that is, Bring Your Own Device — when it comes to the electronic needs of their employees.

And there is a lot to like about the idea. Many employees love the ability to maintain their own cell numbers and use the laptops and tablets they prefer while employers love how it reduces the workload on their IT departments.

But these pluses come with a significant risk: Experts say having employees in an increasingly mobile workforce connect into company servers on their personal devices dramatically increases the chances of a security breach.

These companies, they say, need to step up their vigilance.

“If you are going to encourage a B.Y.O.D. policy, you need to have a lot of security discipline, and you need to have staff to manage your environment 24/7,” said Jeff Kaplan, CEO of Breakthrough Technology Group, a Marlboro-based cloud services provider that helps businesses facilitate mobile arrangements.

How vigilant companies are often depends on their size.

Large companies storing big data — be it consumer profiles or personal health records — tend to have bigger IT staffs and more sophisticated resources to fight the problem.

But experts say smaller companies, especially those with patented technology, also need to stay alert.

Those are the ones Kaplan worries about. He said many employers simply don't have the manpower to stay atop every threat — threats that become greater when employees rely on mobile devices also used for personal reasons.

“The endpoint (device) is by definition, not secure,” Kaplan said.

Security breaches are not new, and every news cycle seems to bring another example — just think of Target's recent troubles.

But the recent revelation by Edward Snowden that smart phone apps such as Google Maps and the popular Angry Birds game can be hacked to gain information demonstrates that security breaches are about more than just stealing credit card numbers from consumers.

“Cyber criminals, out of the Far East in particular, they are not interested in personal information,” said Scott Vernick, a partner at Fox Rothschild LLP specializing in data security and privacy. “They are interested in trade secrets. They are interested in industrial espionage.

“That's were data security has to concern everybody, including smaller companies.”

Kaplan said his company protects client data by installing virtual desktops on its servers. The desktops require specific logins and passwords when clients are accessing them for work reasons, thus separating business from personal use of mobile devices. Kaplan said BTG monitors security around the clock for its clients through a private cloud system.

“You don't need to monitor the firewalls 24/7; we'll do that,” Kaplan said.

Vernick said companies are aware of the pervasiveness of data threats, but too many avoid upgrades that require upfront costs, instead waiting to act after a breach.

“Most businesses are reluctant to spend the dollars necessary,” Vernick said. “It's an expensive proposition, but do you want to spend up front, or do you want to spend on the back end, when it becomes a lot more expensive?”

Mobile and remote communication in the workplace is likely to expand as enabling technology becomes more mainstream and prices fall. Take video and web conferencing, for example.

“What used to cost millions and millions of dollars, both in terms of equipment and networking, are now moving into the very affordable range,” said Greg Douglas, vice president for the public sector at Yorktel, an Eatontown-based provider of visual communication services to business.

Plus, employees expect remote flexibility. Kaplan said companies are going to have to be mobile-friendly to attract younger workers used to multitasking on their smart phones — and on the brand of smart phone they want to use.

“Everyone wants to use an iPad. Everyone wants to be able to work wherever they want, when they want,” Kaplan said.

Douglas said companies should consider adopting a virtual private network, which uses public networks to provide remote offices or individuals with encrypted access to their organization's network.

Ultimately, Douglas said security is a human problem. It starts with decisions involving simple things such as passwords before working its way up to the physical, such as data centers.

Now that assets are as likely to be based on information as they are bricks and mortar, Vernick said companies need to think through the implications.

“Unfortunately it often takes a data breach to focus people's attention,” Vernick said. “As we tell clients: An ounce of prevention is worth a pound of cure.”

E-mail to:  tomz@njbiz.com
On Twitter:  @biztzanki

Also Popular on NJBIZ

Write to the Editorial Department at editorial@njbiz.com

Leave a Comment


Please note: All comments will be reviewed and may take up to 24 hours to appear on the site.

Post Comment
View Comment Policy