Don’t oversecure your network: Why NOT to ban BYOD

BYODAfter years of standing alone atop my network security soapbox, I find myself in an unusual position. I’ve noticed that the discussion about cybersecurity has shifted, with latecomers to the conversation competing to devise the most restrictive network protection policies possible. Instead of having to urge caution and risk aversion, I often have to dissuade companies from overcorrecting for security risks. Networks have a purpose, after all: They allow computers—and their users—to exchange data. Robust networks have become a vital component of modern business. Locking down the network too tightly may shield cyber vulnerabilities, but it also restricts employees’ productivity and efficiency.

The boogeyman recently has been the bring-your-own-device trend. (BYOD is a policy at many companies that allows employees to use their own mobile devices—including smartphones, laptop computers, and tablets—to access corporate data.) I’ve noticed that BYOD tends to be portrayed as an unsecurable risk that companies must avoid entirely. That’s the wrong message to send to business leaders. NetGain Technologies understands cybersecurity threats and their impact on businesses. We have been advising clients for years to implement mobile device management strategies (MDM) to make the practice as secure as possible.

BYOD is Trending in the Modern Office

We give this advice to companies because BYOD is growing quickly. Some studies show that 40% or more of U.S. employees use a personally-owned smartphone, desktop, or laptop DAILY for some form of work purpose. In my experience, every dedicated employee I know will check into work email at least occasionally when away from the office—and they’re using their own cellphones and tablets to do it.

Even late in 2012, InformationWeek concluded that “BYOD is happening whether you like it or not” while pointing out risks that your BYOD policy should address.

You know something’s successful when people choose to use it. They’re finding value in it. That’s the case with BYOD in a business place: People are using the technology because it’s effective and easy.

But is BYOD Safe?

Of course, not every commonplace practice is safe. With cybersecurity issues at the forefront of business safety concerns, it’s important to ask whether BYOD is appropriately secure. After more than 30 years of advising clients about network safety, it’s a question I ask myself about every new technology that develops.

Do I think BYOD is safe? I do.

But after reading a few foreboding BYOD articles in the mainstream press recently, I wanted to make sure my own advice is appropriately risk-aware. I asked David Reedy, NetGain Technologies’ security practice manager, if BYOD admonitions are just a knee-jerk reaction or if the red flags are well advised. David told me that “the risk associated with BYOD can be reduced to a level considered appropriate in most cases.” He advises that, within a properly designed and maintained security plan, “bring-your-own-device” is a policy that most small businesses can feel confident implementing within their network.

As a managed IT services provider, our role is to make the practice as safe as possible. All the caveats apply: Caution is appropriate and we advise clients to document policies regarding use of BYOD. But they shouldn’t dismiss BYOD entirely based on some shortsighted stance on business security.

BYOD and Appropriate Risk Levels

An old aphorism states that A ship in harbor is safe, but that is not what ships are built for. That idea extends to technology in the modern workplace. Prohibiting outside devices will lessen your company’s risks—just as severing your connection to the Internet entirely would make your computers as safe as they can be. But that’s not why you set up your network.

Related Posts