Protecting company data in the BYOD era
What is BYOD? The acronym stands for Bring Your Own Device. In French: Apportez Votre Equipement Personnel de Communication (AVEC). In practice, it means your employees use their own devices (phone, tablet or computer) in the workplace. What impact does this have on your business in terms of data security? Find all our advice in our section dedicated to the use of antivirus software.
The growing success of BYOD
More practical
Employers are obliged to provide their employees with the resources they need to carry out their professional duties. Personal tools can only be used in a secondary capacity. However, employees often leave their work computers at the office and continue to use their personal tools on the move. This is not contrary to the Labour Code. And it's BYOD.
Less restrictive
Companies equip certain employees with business phones. These are generally sales staff, who travel a lot. Nowadays, we're gradually getting used to having everything at our fingertips: via our smartphone or tablet. We don't necessarily have to be mobile, but we want free access to our email and work tools, wherever we are. To meet this expectation, it is in the company's interest to authorise BYOD. This allows people to work more freely. This makes the company's operations all the more attractive to its employees.
Is BYOD a threat to your company?
A question of responsibility
The employer is responsible for the security of the company's personal data, including when that data is accessible on external terminals, as is the case with BYOD. However, the employer has no physical or legal control over these devices. Insofar as the employer has given its authorisation, the CNIL (Commission Nationale de l'Informatique et des Libertés) considers that the employer's responsibility is engaged.
A risk for your data and your IS (Information System)
To control the risks associated with BYOD, you first need to identify them. They cover three aspects:
- Data integrity and confidentiality. Let's say your mailbox is open on your smartphone and freely accessible, with no need for identification or a secret code. Anyone could, without your knowledge, consult your e-mails and obtain sensitive information relating to the company. This creates a risk of data leakage or industrial espionage.
- Data availability. You need to think about the consequences of having more devices connected to the network. An unplanned overload can make data unavailable from time to time. For example, employees' personal BYOD devices can slow down business operations.
- General compromise of the company's IS. Via a personal terminal, an external intrusion can infect the system (virus, Trojan horse, etc.).
These risks need to be identified in the light of your company's specific circumstances: what equipment is involved? Which applications? What data? These risks then need to be weighed up by assessing their seriousness and likelihood.
How can BYOD be made secure?
Securing devices
Various measures can be put in place to extend the protection of your company's information to BYOD devices. You can:
- Set up secure remote access to company applications and data, using a robust authentication system such as an electronic certificate or smart card.
- Encrypt information flows (VPN, HTTPS or other).
- Create a security bubble by partitioning off the parts of the personal tool that are used for business purposes.
- Protect BYOD terminals against malware by equipping them with a security solution or dedicated protection programmes.
- Provide for a procedure in the event of loss or breakdown of the personal terminal. In this case, the network administrator needs to be informed immediately, so that the business data stored on the terminal can be wiped remotely.
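The five measures above can be combined into a single access decision taken each time a personal device connects. The sketch below is an added example, not code from this page or from any vendor it mentions; the `Device` fields, the CA name and the sample devices are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass
class Device:                       # hypothetical posture report for one personal device
    owner: str
    cert_issuer: Optional[str]      # issuer of the client certificate presented, if any
    cert_not_after: Optional[datetime]
    channel: str                    # "vpn", "https" or "plain"
    work_container: bool            # business data partitioned from personal data
    antimalware_ok: bool            # protection installed and up to date
    reported_lost: bool = False

TRUSTED_ISSUER = "Example Corp Device CA"   # assumed name of the company's internal CA
ENCRYPTED_CHANNELS = {"vpn", "https"}

def evaluate(dev: Device, now: datetime):
    """Return (decision, reasons); decision is 'allow', 'deny' or 'wipe'."""
    if dev.reported_lost:
        # Loss procedure: cut access and wipe the business data remotely.
        return "wipe", ["device reported lost"]
    reasons = []
    if dev.cert_issuer != TRUSTED_ISSUER:
        reasons.append("no client certificate from the company CA")
    elif dev.cert_not_after is None or dev.cert_not_after <= now:
        reasons.append("client certificate expired")
    if dev.channel not in ENCRYPTED_CHANNELS:
        reasons.append("connection is not encrypted")
    if not dev.work_container:
        reasons.append("business data is not partitioned")
    if not dev.antimalware_ok:
        reasons.append("anti-malware protection missing or outdated")
    return ("deny" if reasons else "allow"), reasons

NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)   # fixed clock for the sample
VALID = datetime(2024, 6, 1, tzinfo=timezone.utc)
EXPIRED = datetime(2023, 12, 1, tzinfo=timezone.utc)
SAMPLE = [  # constructed devices, not real data
    Device("alice", TRUSTED_ISSUER, VALID, "vpn", True, True),
    Device("bob", TRUSTED_ISSUER, EXPIRED, "plain", True, False),
    Device("carol", TRUSTED_ISSUER, VALID, "https", True, True, reported_lost=True),
]

if __name__ == "__main__":
    for d in SAMPLE:
        decision, why = evaluate(d, NOW)
        print(f"{d.owner}: {decision} {why}")
```

A lost device is handled before any other check, so it triggers the wipe procedure even when its certificate and protection are otherwise in order.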
A solution for your protection
Antivirus software solutions can be used to coordinate these cybersecurity actions. Bitdefender, for example, provides your system administrator with a unified Cloud console. It enables you to remotely deploy and manage your entire digital infrastructure: workstations and servers (physical and virtual), Exchange messaging systems and mobile devices.
The administrator can easily define the company's security policies in the tool and create reports. All the data associated with anti-virus and anti-phishing scans - malicious URLs, suspicious programmes, etc. - is listed and catalogued in the Cloud. This really takes a load off your local server. Device protection remains physically present on the devices.
Data protection is a crucial issue for both large companies and very small businesses. The growing practice of BYOD is driving the need for powerful IT detection and protection solutions, so that working can continue to be an attractive option without threatening the company's IS.