A Bring Your Own Device (BYOD) policy has a number of benefits for your business or organisation. Businesses in Limerick & Galway along with a confidential shredding policy. Electronic devices have security features enabled as standard and having staff use their own devices can be a cost effective method for day to day business.
People will tend to look after their own devices better. While this is another benefit there are risks involved and it is worth knowing the risks involved if you decide to incorporate such a policy.
Ownership
Many of these issues arise because of the main characteristic of BYOD that the employee owns and to some extent maintains and supports the device. As a result, the you will have much less control over the device in comparison to a device owned by your business.
An employer will need to address these BYOD issues before enabling employees to bring their own devices to work. These issues include, for example, ensuring that work data will not be merged with an employee’s personal data, that non-employees, such as family members who use the device, do not access work data and, for example, what happens when an employee loses a device or resigns.
In seeking to implement a BYOD solution it is important to identify business objectives and benefits as well as taking into account security, audit and data protection requirements. Department heads such as IT, HR and managers should develop a BYOD policy covering security issues and terms of use.
For more information on data protection and guidance on digital data protection visit the Data Protection Commissioner site for a detailed guide.
BYOD business policy
If your business decides to use a BYOD policy, then informing your employees of the separation of data between business and personal data.
Data security is a prime concern for employers and importantly BYOD should not introduce vulnerabilities into existing secure environments.
Employers should also consider the use of a sandbox or ring-fencing of data, such as by keeping data contained within a specific app, as well as ensuring that, if the device is lost, the data on it is kept confidential and retained via a backup facility.
In terms of legal risk, losing employee or client data could result in the company breaching the Data Protection Act which could leave the company vulnerable to legal claims brought by the employee or client in question or a fine imposed by the DPC.
To address the data protection and security breach risks, the DPC guidance recommends companies consider the following:
- Which type of corporate data can be processed on personal devices
- How to encrypt and secure access to the corporate data
- How the corporate data should be stored on the personal devices
- How and when the corporate data should be deleted from the personal devices
- How the data should be transferred from the personal device to the company servers
Security
The DPC also recommends installing antivirus software on personal devices, providing technical support to the employees on their personal devices when they are used for business purposes and having in place a “BYOD Acceptable Use Policy” providing guidance to users on how they can use their own devices to process corporate and personal data. It should also be clear to employees that they can only process corporate personal data for corporate purposes.
The DPC also highlights the BYOD risks associated with increased monitoring at work by the technical measures that the company could put in place in order to ensure the security of the company data processed by the employees on their personal devices.
Ensuring fail safes are in place, in the unlikely event of theft or loss. Enabling geo-location, remote access, two step verification. A reputable anti-virus software can provide for such an event. Remembering prevention is better than cure.
Confidential Shredding Limerick & Galway
At Security In Shredding, data protection is paramount to our day to day operation. Confidential shredding services regularly destroy any and all unwanted documents your business may have accumulated.
Ensuring that data security is being maintained is important for you and for our us. For more information on our shredding services you can,
Email us at: info@securityinshredding.com
Specialising in secure confidential document shredding services with a reputation for exceptional security, customer service. Delivering value for money and the utilisation of leading technology compliant to the highest security standards within the industry.