Bring your own device (BYOD) policies have been widely heralded as the wave of the future, offering the workforce greater connectivity and saving employers on standard outfitting costs. But while BYOD programs have been implemented with much zeal, there are still some risks associated with them that must be considered, perhaps most alarming is the possibility of employee espionage that they could facilitate.
“This is one of the largest areas of theft. There’s a lot of talk about foreign attempts from other countries; I think that’s a problem, but the largest problem is from insiders,” says David Long-Daniels, co-chair of Greenberg Traurig’s Global Labor & Employment Practice
Any situation that allows an employee to connect to an organizations server using a device of their own opens up the possibility for the theft of sensitive information. According to Long-Daniels, most companies do not understand this risk until it’s too late.
“It can happen several different ways, and more so now since it’s a common practice for companies to allow their workforces to connect to their server,” Long-Daniels says.
Especially when companies at larger organizations seek employment at smaller upstarts in the same space, the trade secrets, practices and confidential information available to them can be particularly attractive, BYOD policies can facilitate the theft of that information.
Because of this risk, Long-Daniels says a review of your BYOD environment is critical. “What happens if an individual leaves and you don’t have a policy that allows you to wipe their device? One of the triggers for companies is to make sure they have a policy. Many companies haven’t updated this policy, or purchased technology that would allow them to wipe the relevant portions of information, and that is essential to mitigating risk.”
But the only true way to remain completely protected from these risks may be to avoid a BYOD program all together. Long-Daniels says there are two things he feels a company should consider as options before implementing a policy.
“First, I strongly suggest a company invest in devices for people rather than allowing BYOD policies. This gives them more control over the device, and the ability to retrieve it in the event an employee leaves,” Long-Daniels says. “The second is that a company needs to have a confidentiality agreement that passes muster in the state or areas where their employees are located. So if the person is based in California, you need to make sure that policy is enforceable under California law.”
Research indicates that BYOD adoption rates are likely to continue their trend upward, however as Long-Daniels points out, it’s still not a foolproof system and requires considerable analysis to implement effectively.