SMEs are putting themselves at risk of massive data loss and large scale security breaches by letting employees access business networks on their personal devices, in a trend known as Bring Your Own Device (BYOD).
A panel of industry experts, chaired by web hosting specialists UKFast, has warned SME employers of the security implications surrounding BYOD. BYOD is the latest technological buzz term, encompassing the growing trend for employees to use their personal laptops, tablets and smartphones for business purposes.
The flexibility of such devices is revolutionising workplace, freeing employees to work how they want, when they want; but one potential drawback has emerged - the security of company data on personal devices, and the consequences of sensitive data loss.
The panel discussed the need for businesses, in particular SMEs, to develop their knowledge of the implications of these security breaches and set in place processes to minimise their impact.
Stuart Coulson, head of sales at online security specialists Secarma, said: "Small start-ups don't have the resources to gain each ISO or PCI standard straight away and don't yet necessarily have the expertise to achieve either whereas larger firms already have this foundation of accreditations and compliance, which makes implementing a BYOD strategy so much simpler and more effective."
Elliot Hughes, from Cisco, expressed his fears that many businesses did not have robust processes in place to protect their data, and many were unaware it was even at risk: "A lot of people that we speak to don't actually know what is going on in their network. The network has grown organically and they don't have the budget or expertise to manage it properly. They could not tell you who has plugged into the network or when."
The lack of expertise around understanding and controlling the security implications of BYOD is the biggest challenge faced by SMEs. Despite this, companies have no option but to develop their expertise and protect their data from being compromised.
Nick Francis of Barclays stressed the permanence of BYOD and the need for smaller businesses to catch up: "There's no choice as to whether we embrace BYOD or not. People are going to do it anyway. It's not an option to ignore because the damage that leaked data can do to a brand's reputation if client data is lost is massive.
"BYOD has sneaked in through the back door almost because people understand that they should lock their doors and protect against viruses but they are not really sure about how to deal with securing their network for BYOD but it is necessary to broach this and have a policy in place."
Technical Director at UKFast, Neil Lathwood said: "BYOD can prove valuable, allowing SMEs to be more responsive, flexible and up to date. However we need to ensure our partners and clients are fully aware of the risks involved and informed as to how these can be mitigated."
The panel offered with the following advice for businesses concerned with the potential impact of BYOD:
- Recognise that BYOD is the latest off-shoot of general network security. Companies should go back to basics and ensure they have robust security provisions, and work from there.
- Consider why BYOD is necessary in your organisation. Who needs access and what for? Identify these crucial elements and build a policy from there.
- Practically speaking, businesses can:
- Remove access to corporate information which can be copied from network computers onto portable devices
- Silo the data to create data pools of specific data sets
- Limit access to these data pools