Fonality Blog | VoIP, Unified Communications, and Business Tips

Google Logo
How can you protect your company data when working in a BYOD environment?
Tips for preventing data breach when working with BYOD.

As the adoption rate of cloud-technology rises and employees across Australia continue to become more tech savvy, companies with bring your own device (BYOD) policies will become the norm, rather than the exception.  

It's easy to see why. The flexibility and reliability of the tech enables enterprises to seamlessly access and store data without being restricted by geography or device. The versatility of modern cloud-based business phone system, for example, provide a level of agility, scalability and ease of use that conventional dial tone networks simply can't achieve.  

What data security risks do you need to be aware of?  

The advantages are clear, but there is one thing you need to prepare before making the move to the cloud: Data security. Giving your employees the freedom to bring the device of their choosing and connect to the company's network could potentially expose your company to some serious information risks - but only if you go in unprepared.  

Thankfully, it seems as though most companies are well versed in the dangers of the cloud. In fact, research form Ernst & Young found that the top four challenges for businesses deploying BYOD centred around security issues.  

In 2012, the total average cost of data breach in Australia was $2.72 million.

Around 65 per cent of the study's participants cited mobile device security as their key concern, while data breach security (59 per cent) and mobile data security (55 per cent) were other areas perceived to be of high risk. Mobile application security was another hot topic, with 50 per cent of businesses surveyed declaring it to be a barrier to them rolling out BYOD.  

So, given the fact that the majority of companies appear to have a fairly good understanding of the risks involved with BYOD, are data breaches in Australia decreasing? According to Symantec, the answer to this question is a decisive 'no'.  

More than a mere nuisance, these attacks can have severe repercussions on a company's finances. In fact, the security software giant found that the total average cost of data breach exploded by 23 per cent within just 12 months, increasing from $2.16 million in 2011 to $2.72 million a year later.  

These statistics might sound somewhat daunting, but by no means should they dissuade you from leveraging internet-facilitated company assets such as VoIP phone systems, hosted storage and other modern technologies. Instead, try to view them as business reminders, highlighting the need for you to take data security seriously when it comes to working in a BYOD environment.  

So, what can you do to safeguard your company's critical information when your employees are connecting myriad devices to your enterprise's network?  

1. Keep information on a need-to-know basis  

Your employees do not need to be able to access data from other business units.Your employees do not need to be able to access data from other business units.

Perhaps one of the most effective ways of protecting company data is to establish digital walls that limit the information certain sectors within the business can access. Although this might sound like an overly restrictive process, in reality there are probably many units within your enterprise that simply don't need to be privy to the data being created or stored in other divisions. A company's marketing team, for example, would never need access to the ones and zeroes being held in the IT department.  

Compartmentalising your network like this protects your data from internal attacks and limits the damage of an external breach. Thiruvadinathan A, director of security and compliance at IT firm Happiest Minds explained that you create such a system by implementing access control lists, which can be set up to dictate the areas of a network that specific devices can connect to.  

"For instance, certain departments would only have access to specific file servers, printers or databases. This limits the amount of information that a malicious user could access, even if they had access to a device," explained Thiruvadinathan A, as quoted by Business News Daily.  

Mr A also recommended creating a separate virtual local area network (VLAN) to further control employees' devices.  

"Planning and creating a VLAN for BYOD devices will help maintain control. By putting all BYOD devices on their own VLAN, it separates them from network resources that management would not want them to access," he surmised.  

2. Narrow your scope of permitted devices  

Establish which specific devices your employees are allowed to bring to work.Establish which specific devices your employees are allowed to bring to work.

A couple of years ago, your employees' had a fairly limited selection of devices that were capable of handling the demands of the modern business world. By and large, it was a two horse race, with the vast majority of consumers and professionals alike opting for either an iPhone or a Samsung variant. A few years before that, the range was even smaller, with Blackberry commanding something of a monopoly over the business phone market.  

Fast forward to today's world, and there's a veritable smorgasbord of device manufacturers competing for your workforce's attention. GSM Arena lists more than 100 brands of smartphones, and that doesn't even take into account the more obscure ones.  

As you might imagine, the number of device manufacturers - not to mention the countless specific models - makes it close to impossible for companies to form a security strategy that takes the nuances of every piece of hardware into account. To solve this issue, cio.com recommended specifying within your BYOD policy which devices employees can and can't bring to work.  

While you do run the risk of making employees feel as though you're limiting their choices, the benefits of setting a defined list of approved devices cannot be ignored. The narrower the scope, the more easily you'll be able to set safeguards in place that will keep your business phone system safe and protect mission critical data form nefarious parties.  

3. Add remote wiping capabilities to all BYOD devices

Being able to remotely control access to specific devices provides you with greater control over your data.Being able to remotely control access on specific devices provides you with greater control over your data.

As in most facets of business, prevention is always the best cure, and by rolling out a security strategy you'll be able to minimise the risk of suffering a major digital setback. In saying this, it is important to have a contingency plan in place in the unlikely event that a data breach does occur. 

For example, if your employees are accessing sensitive information on their personal smartphone via the company's communications system, you need to think about what would happen if one of your workers were to lose their device. This is a very real possibility, with Ernst & Young estimating that more than 1 in 5 (22 per cent) of all mobile devices produced will be lost or stolen, and more than half of these will never be found again.

Would the device still be logged into the company email address? What information might be revealed? Could the person who finds the phone be able to access your clients' contact information or banking details? 

In a Digital Guardian article, CloudEntr VP of Business Development Tom Smith suggested that you could counteract these concerns by incorporating a mobile device management plan into your BYOD policy. This initiative would give your IT team the power to revoke access to a specific device or even remotely wipe the hardware, ensuring that even if an employee's phone, tablet or smartphone is lost or stolen, your company's data remains safe.