As technology evolves and the drive for instantaneous access to information increases, so does the exposure to a data breach. This is very evident when employers allow employees to use their own personal devices to conduct company business at the office and to access company information remotely. There are many schools of thought on allowing employees to use their own devices for their daily work. Many feel that allowing employees to use their own devices will make them happier, more comfortable and more productive. Others cite the savings to an employer from not having to purchase these devices for employee use or invest in training employees to use them. These are valid points and certainly have merit, as this business trend will continue to proliferate.
However, this contemporary way of thinking and conducting business brings increased exposure to a breach of an employer’s confidential customer and employee data. An employer needs to clearly state and enforce what an employee is and is not allowed to do with these devices. Rules should be in place that govern the types of devices that are allowable and what type of information these devices can access, store and transmit. If remote access is allowed, the employer needs to be certain these devices are properly protected and secure. These devices should be encrypted and randomly spot-checked by the employer to confirm that encryption software is in place and in use. The employer is responsible for the actions of its employees while they conduct their daily work in the office as well as when working remotely. The rules set by an employer should be carved in stone. Since the employer ultimately bears the responsibility for the actions of its employees when conducting company business, these rules should be non-negotiable.
Any company that does not set and enforce these guidelines is setting itself up for serious exposure risks and the inherent costs it will bear as a result of a data breach. Given the potential loss of customers and revenues, the reputational harm and the possible legal expenses a company may incur due to a data breach, it is far less expensive to establish and enforce the rules regarding the use of these devices beforehand. There is no way to insulate a company 100% from suffering a data breach, but there are ways to mitigate the exposure to a breach by having solid and enforceable rules in place.