Caution: Companies That Allow Bring Your Own Device (BYOD) or Telecommuting Run the Risk of a Data Breach
Companies have solid reasons for embracing Bring Your Own Device (BYOD) and allowing for telecommuting so personnel can work from home or on the road, they increase the risk of data breaches for the company.
Two policies are currently in favor with hundreds of thousands of businesses across the United States and the globe. While companies have solid reasons for embracing Bring Your Own Device (BYOD) and allowing for telecommuting so personnel can work from home or on the road, they increase the risk of data breaches for the company.
What’s the Problem?
Two problems are closely related. The first has to do with the concept of BYOD. The reason companies choose to allow this is that it allows their staff to have the most up-to-date technology without having to acquire advanced technology themselves. The second is telecommuting. Workers that telecommute only need an internet connection to log into their workplace computer systems.
By the Numbers
So, let’s look at some numbers concerning both problems. An article published in Great Britain tells about a survey of 500 companies in the UK and Germany. Among their findings:
- 44% of organizations had a member of senior management lose a mobile device; and
- 39% had a member of executives report a stolen device.
- 54% of survey respondents noted that a non-senior management employee lost a device and 49% said a device that was stolen
- 93% of these devices contained work-related data
- 49% had work-related emails on them
- 38% had confidential data or files
- 24% contained customer data
- 15% had company financial information
Results of similar surveys in North America, Europe, and the Pacific Rim all returned same results.
Well, that’s interesting, but what are the implications?
Many of these devices when lost or stolen have passwords stored without any protection. This means thieves have easy access to your company data. Often, lost or stolen devices have personal identifying information, personal financial information, or personal health information that can number in the 10s of thousands. If this data, or other data such as customer lists or proprietary information, is breached, companies can see losses that go to the tens of millions of dollars.
- 48% of companies reported they are unable to keep track of what data leaves the office and who is taking it off premise.
- 54% agree that data can be safeguarded more securely
- 67% of responding companies acknowledged they know that employees break the rules concerning removing data from the workplace, but, have not yet addressed the issue.
What Makes This Such a Big Problem?
Breaches are very expensive.
- Your company reputation will suffer if your data is compromised. This is particularly the case if customer/client/patient information is breached. It is probable that your company will lose business directly because of the breach, and finding new business becomes harder too.
- Most companies pay for identity theft monitoring and restoration for one year following a breach – this is an additional cost to the business and depending on the size of the breach can be very costly.
- In many instances of data breaches, affected customers or business partners sue or join a class action suit against the company that was breached. Defense, settlements or jury awards is also a new expense.
- Fines are often levied against companies that have preventable breaches and they can be in the millions – many small or medium-sized businesses can be driven to bankruptcy by these fines.
What You Can Do to Protect Your Data
Some measures help mitigate or eliminate threats. These include:
- Make sure your data is securely stored and require two-factor authorization for access to your system.
- Install remote wiping applications on devices used by employees for remote or BYOD work
- Perform routine penetration tests so your company can identify potential security flaws
“Your Professionalism with this situation at the Zero hour is definitely a rarity. Your team’s response was to take on a project that you had no prior knowledge of other than a customer was in a tight spot and needed assistance.”