Reduce Security Risks of Personal Tech in the Workplace

Posted on Categories midJersey Business Magazine

Bring Your Own Device workplace policies can open the door to hackers

[dropcap]S[/dropcap]ince 2009, when Intel first introduced the term Bring Your Own Device (BYOD), the concept of letting employees use their personal laptops, tablets, and other digital devices for work-related activity has offered the promise of increased productivity and reduced costs.

In fact about 74 percent of companies have embraced BYOD, according to a survey released in 2015 by Tech Pro Research.

But there are risks. When employees plug their devices into a corporate network, they could infect a business’ system with dangerous viruses or other malware. Further, sensitive data that’s stored on an employee’s digital device may be accessible to hackers.

Common Use Doesn’t mean it’s Secure

Because smartphones and tablets have become appendages for most people during the business day, employers often overlook the risk this common practice can present.

“A lot of companies don’t think about the security issues that come with a BYOD policy until they suffer a breach or attack,” says Terry Ikey, owner of Ram IT Solutions Inc. in Hamilton. “We get a lot of these calls for help when people are surfing the Internet and unintentionally download ransomware,” referring to a type of malicious software that infects and hijacks a computer, restricting users’ access to it until a ransom is paid to unlock it.

Earlier this year, Hollywood Presbyterian Medical Center in Los Angeles paid a $17,000 ransom in virtually untraceable bitcoins to a hacker who reportedly used malware to gain control of the hospital’s computer systems.

But Ikey says, “Good common sense and good practices can help to safeguard a company’s network.”

For example, make sure that up-to-date antivirus and anti-malware programs are installed on any computer with sensitive information, or that connect to the corporate network; and run a full scan at least once a week.

“The company may have the right to … scan the employee’s device to ensure that it has not been infected.” – Benjamin Widener

“Also, train your employees to be wary of requests to open or download emails,” adds Ikey. “One common threat is downloaded from emails about ‘UPS’ package deliveries. They’re often a scam, and if you know you didn’t order a package, simply delete the email… If a company lets employees use flash drives [a small, portable data-storage device] to transfer information, the flash drive should be automatically scanned each time before it’s accessed.”

Backing up files on a regular basis to a secure physical or virtual medium may also help a company to recover data even if it is hacked.

Get Legal Protection

When companies think about cybersecurity as it relates to BYOD, they should also consider legal issues, counsels Benjamin E. Widener, a shareholder in the Employment and Litigation practice groups at Princeton-based Stark & Stark, and chair of the law firm’s Employment Law Group.

A business should put well-defined BYOD policies and procedures in writing, either in an employee handbook or a standalone written agreement signed by appropriate employees.

“The policies and procedures should address security, software, terms of use, the protection of company IT and proprietary data, and other issues,” says Widener. “Under certain circumstances, the company may also have the right to periodically scan the employee’s device to ensure that it has not been infected or otherwise compromised, and to ensure the protection of company data and information. An employer also will have the right to retrieve or wipe proprietary information from the employee’s device upon the employee’s resignation or termination of employment.”