Small businesses are finding an easy way to cut down their hardware costs by letting employees use personal devices to do work. There are a few reasons why this might be a good idea: low upfront costs and employee convenience are definitely benefits. When you run a small business that can't offer the same salary, health insurance deals, or long-term security as larger, established companies, you have to get creative. But there are some circumstances when you should absolutely prohibit the practice, and several reasons not to do it no matter what.
When should BYOD policies be forbidden?
The old maxim about security and convenience being at odds is often true: better security is more inconvenient as it gets stronger, and convenient practices are less secure. So if your business involves information that is subject to HIPAA regulations, such as health information, use protected, company-issued devices. The same is true for most government contracts, actual security services, and any niche where privacy is your main currency. A lot of the regulations surrounding data security for high-risk datasets require you to be able to wipe clean or otherwise destroy compromised data on devices, and that gets dicey when they actually belong to current or former employees.
Why should you always think twice about doing it?
Personal devices always have additional security risks. You can't always mandate or monitor industry-standard malware protections. Your employees are also free to look up, input personal information, and download at any site they wish to, regardless of the security implications. That always puts your business in a vulnerable position, no matter how much you push to keep all business information on online portals and in the cloud instead of in local files. It also means you can no longer use their personal phone or tablet as a platform for two-factor authentication, which means you have to get even more creative about security.
Keep personal and company accounts completely separate.
The division between work life and home life shrinks unless you deliberately keep them separate. More and more businesses have BYOD, or bring your own device, policies that mean work is never too far away. A growing number of businesses also assign their employees work laptops to allow for work at home and telecommuting. While these policies have their own advantages and disadvantages when it comes to efficiency and corporate culture, they can wreak havoc on your business's social media security. Here's why you should keep the line between work and home clear:
Keep your password circulation limited.
Passwords always have traces of poor security. People tend to use easy-to-remember passwords and save them in their browser's cache. This is especially true for corporate passwords, which usually start as some variation of '[Company Name]123.' Those passwords are easy to guess and that means potentially malicious users can gain access to your account. While easy passwords need to be removed, you can also keep access more secure by limiting the number of devices people use to log into the company accounts. Marketers should use the dedicated business devices only and should never use a browser to save the password.
Employees logged in to personal and business accounts can make mistakes.
The Internet doesn't let corporations forget mistakes. If any of your employees accidentally type a personal message on your business's Facebook timeline or takes a personal photo with the company Instagram account, that mistake could haunt your brand. The more inappropriate it is or the more parody potential has, the worse it can be. So implement strict policies of keeping your business social media accounts on your business devices only. While it might make it a bit less convenient to create a post, that extra inconvenience gives your marketing staff more time to think things through.
BYOD policies can be useful for self-employment, contractor assignments, and even small businesses where mobility and convenience outrank security. But if you're concerned, go to Delmarva Group, LLC for more solutions and tips before making a decision.