At a glance
- Up to 47% of people in the SME industry now use their personal mobile devices for work purposes
- Employees could inadvertently expose company data through use of personal devices
- However, staff using their own devices at work could help boost efficiency and effectiveness
- SME's should consider enabling their workforce through a bring your own device (BYOD) strategy which seeks to minimise risk
This article counts towards accumulating your annual CII CPD structured learning hours for Emerging Risks.
By reading this article, and correctly answering the three questions underneath, you will have achieved the following learning outcome: Identify key emerging risks and describe their main characteristics.
Visit the CPD Hub to log in and begin accumulating CPD hours.
Safeguarding their IT network is already a challenge for many companies. Add to this the trend for employees to use their own tablets and smartphones at work, and keeping your corporate network safe becomes a serious headache.
But, as long as employers follow careful steps, staff using their own devices at work could help boost efficiency and effectiveness and be something businesses should embrace, rather than fear.
An industry analysis on the risks around Bring Your Own Devices (BYOD), by YouGov showed employees often lack a sense of responsibility for protecting locally-stored corporate data. Companies also worry that employees could be accessing sensitive corporate data while on unsecured networks, or find their personal passwords compromised.
Yet introducing strict anti-BYOD polices isn’t the answer, as many employees want the flexibility and familiarity of using their own devices. A recent survey by the Information Commissioner’s Office (ICO) reveals that 47% of employees now use their personal device(s) for work purposes.
In the SME sector, where employees are already leveraging mobility solutions and personal devices at a faster rate than those in bigger companies, the cost savings and flexibility benefits of a BYOD strategy could really pay off.
“It is highly desirable for employees to access services, such as their corporate calendar and email, on their own devices. The question is how to combine the benefits of flexibility and productivity with security concerns,” says Adam Warwick, Director Business Change and IT at Zurich.
SMEs should be proactive
Adam says SMEs need to adopt a highly proactive approach. “Initially brokers should advise their SME customers to consider the level of damage that a breach of their IT networks would cause. From this, customers can judge how much to invest in countering that risk and choose from a wide variety of different software on the market to suit their particular needs.”
Next, brokers should ask their SME customers how much they are prepared to spend on a BYOD strategy. Considerations should include how they reimburse employees using their own devices, including expenses around insurance and tax implications.
“Don’t assume that employees using their own devices at work automatically equates to a reduction in costs, because employees may expect employers to insure and fund their devices,”Adam says, adding that companies may have to retain some corporate offering for employees who don’t want to use their own devices or those deemed to be high risk. “It may not work for everybody, companies will need to find a strategy that is acceptable to all employees.”
Other proactive steps include providing IT departments and employees with clear polices and user friendly guidance on how to filter and prevent information leaving the organisation.
One option, suggested by the ICO, is that businesses should regulate which types of personal data can be processed on personal devices, and put remote ‘locate and wipe’ facilities in place so the confidentiality of the data can be maintained in the event of loss, theft or personnel change.
Common sense policies
Above all, brokers need to stress to SME customers they need to be clear with their employees.
“They need to adopt common sense policies around how personal devices can and can’t be used. Only certain data should be passed around and there should be expectations on how to treat data that is downloaded to a personal device,” says Adam.
Enabling a flexible and collaborative workforce through a clear BYOD strategy presents a clear opportunity to enhance efficiency. Employers need to adopt common sense policies around how personal devices can and can’t be used to view and share company data
Adam Warwick, Director Business Change and IT at Zurich
Although companies may need to make significant investments in the short term, in the medium term securing personal mobile devices will become much easier to manage, as the market matures and software providers roll out new, cheaper products.
“It will become much more cost effective to secure personal devices because the costs will be eroded by the technology on offer,” he says.
As long as they are well prepared, companies should view employees using their own devices at work as an opportunity to leverage potential gains in efficiency.
For more information on helping customers manage the use of personal devices in the workplace, please speak with your local Zurich contact.