BYOD: How to manage data loss

Darren Baguley

Tuesday 5 April 2016

Bring your own device (BYOD) is great for morale, but what happens when an employee’s device is lost or stolen?

BYOD a win-win?

Whether it’s through a formal BYOD policy or by allowing employees to check work emails on their smartphones and tablets, there are few modern workplaces where people aren’t using their personal devices to access corporate data in some way or another.

On the surface BYOD – or its stealth equivalent – seems to be a win-win; employees get to use the technology of their choice, rather than be stuck with boring corporate issue, and the company gets the opportunity to free up cash that would normally be spent on a fleet of smartphones, laptops and tablets. This almost always leads to increased productivity with workers who are happy to blur the line between work and home.

The dark side, however, is that corporate data can be exposed if a mobile device is lost or stolen. As data security continues to be a growing issue for organisations, it is of vital importance that pre-emptive and reactive security measures are in place to safeguard missing, lost or stolen PC and tablet devices and the data they contain.

Dealing with BYOD data security

Companies typically combine device features with additional mobile device management (MDM) software – such as Lenovo and Absolute Software’s Computrace – to manage and secure the corporate data on employees’ devices.

This type of software enables organisations to manage computers and smartphones regardless of whether a device is on or off the company network. It can also accurately and remotely delete data on missing devices and produce an audit log for proof of compliance, communicate to end users by freezing a computer and displaying a custom message, and access and retrieve files from a device regardless of its location.

When a device is lost, GPS or Wi-Fi technology is used to track assets on an internet map. Through ‘Geofencing’ the software allows companies to build pre-defined areas and apply rules with alerts if these rules are broken. The technology is used to pinpoint the physical location of the computer so that in the event of a theft it can be recovered with the help of the police. In addition, Computrace technology resides within the BIOS (basic input/output system) of each PC, meaning it will continue to operate even when the drive volume has been formatted or physically replaced.

Three strikes and you’re wiped

Despite having these data security measures in place, it is worth noting that there can be some potential downsides. When a device goes missing, employees may find that the company’s BYOD ‘acceptable use’ policy can have some rather unpleasant clauses in it. Something as simple as one of your children locking the device while trying to crack your password, not to mention something serious like theft or loss, can trigger the MDM software’s remote wipe of the device. This is a perfectly reasonable approach for the company to take, but you may not see it that way when important data such as your contacts, photographs, music and apps are wiped as well.

Personal data not as private as you might think

Another potentially nasty surprise in store for BYOD users is that your device may need to be handed over to authorities if your company is subject to litigation. If this does happen, from a legal discovery perspective, your device could be inspected by a third party such as the court. While the corporate data may be the focus of the discovery process, you will probably also have to make your personal data accessible. A final BYOD-related invasion of your privacy to be aware of is that the GPS or Wi-Fi technology used by most MDM software has the ability to track the location of devices it’s managing in real time.

Control the data not the device

While MDM is the most common way of managing BYOD devices, another approach is to control the data instead of the device. One way of doing this is with mobile application management (MAM) software. MAM allows the IT department to enable encryption by default as well as implement and enforce role-based policies that determine how applications store and share documents. MAM is even able to delete data and de-provision corporate apps when an employee leaves the company. If a device is lost or stolen, personal data can be left intact for longer in case it is eventually recovered.

Full disclosure vital

Whichever way an organisation chooses to manage its corporate data on BYOD devices, it is vital that the potential pitfalls are communicated to users as clearly as the advantages. While this may reduce the attractiveness of BYOD, it also reduces the risk of disgruntled employees.

This post originally appeared at ThinkFWD.

