Whenever I see the term “BYOD” in a rundown of information technology (IT) risks, I think of party invites that include the classy directive to “BYOB.” It turns out that the terms describe similar risks.
Employees who bring their own device to work can behave like tipsy party guests carting around six packs of cheap beer. Both groups of individuals pose risks to their host environments.
My problem is that most of the reasons for trying to prevent employees from bringing their own device to work sound fuzzy to me: IT folks seem to view BYOD as a territory grab by tech-drunk employees intent on using their iPhones and other new consumer gadgets as containers of corporate data that, sometimes, stumble into risky territory (where that information could be exposed). How often does this type of risk come to fruition?
My question may be off the mark. Even if we’re not experiencing major BYOD-related disasters (not yet, or not that we know of), CIOs as well as risk and compliance managers increasingly describe the issue as a major concern. BYOD issues seem to have evolved from an IT-only risk to a genuine enterprise risk. Fortunately, some clear framing of this risk can eliminate any fuzzy notions folks outside the IT function have of this serious issue.
Abhishek Kansakar, a 2013 master of accounting student at North Carolina State University’s Poole School of Management, frames BYOD risks clearly in this article.
Kansakar explains the factors driving the growing use of mobile devices within companies, discusses the benefits of this technology (greater workforce flexibility, efficiency and effectiveness) and then spells out the major risks associated with mobility and BYOD. These risks include:
• Lost/stolen devices (and the exposure of proprietary information);
• Greater exposure to mobile malware (a challenge Apple and its workforce have dealt with);
• Device-owners’ misbehavior (e.g., using cloud-based storage for corporate data: a major no-no).
The article concludes with two-pronged advice for mitigating BYOD/mobile risk: First, establish and fortify mobile governance; second, create a short-term action plan. Placing Kansakar’s article atop your reading list qualifies as an effective, and sobering, step to add to any BYOD action plan.