At any point in the day, you will likely see the posture that has come to define our generation - people hunched over their smart phones looking like they have something important to do whether its email, social media, or entertainment.
Forrester estimates that 29% of the global workforce is an anytime, anywhere worker. This number has risen from the 23% of the global workforce in 2011, and will expect to see 905 million tablets in use for work and home globally by 2017.
As smart devices continue to play a key role in our personal and work lives, we are also starting to see glimpses of the future. The digital domain is creeping off our desktops and onto our bodies. Wearable technology in its infancy stage already looks set to redefine how we interact with computers and the world. IHS Global Insights estimates that wearable technology will be worth US$30 billion by 2018, up from US$9 billion in 2012. Wearable technology promises a future where information is sent to you without asking, essentially changing the face of BYOD. However, before the future of BYOD becomes a reality, we first need to start with the basics.
Back to Basics
Earlier this year, a major technology company reported that half of its customers with a BYOD policy have experienced a security breach. A recent survey of LinkedIn's Information Security Group revealed that 75 percent of respondents said loss of company or client data was their top security concern with BYOD. A Globo study found that companies were not communicating their BYOD policies to employees, with 91 percent of respondents saying that they do not know if their company plans to implement a BYOD policy.
My opinion in the BYOD movement is that we have to acknowledge that these trends are bound to happen. It's how businesses take control and manages it that makes the difference. As the use of personal devices increases, businesses are struggling to strike the sweet spot between security and employee freedom of choice.
Someone Call Security!
At its most basic level, any company networked device from multifunction printers to personal devices, needs to be protected against both malicious attacks and simple employee carelessness in order to keep data out of unauthorized hands. At Canon, we believe that device security should not be a separate layer but should come integrated into the device. While we integrate security features for all our products, the same strategic framework of processes, people, and technology can be extended to personal devices.
Improvement in Processes
BYOD security is two-fold. Firstly, security starts with the device itself. This includes screen-lock, pin codes, and data encryption. Secondly, BYOD policies must be in place that includes anti-virus and preventing jail breaking. This provides a baseline foundation for compliance between the company and the employee that says these devices must participate safely on our network. Additionally, this gives employees the freedom of choice when it comes to their device.
Another point to note when it comes to implementing processes is that there is no exception. Reports have shown that some C-level executives are an exception to the rule, essentially an open invitation for data loss and serious compliance issues. C-levels will have access to the most critical data and giving them exceptions to BYOD policies are a security risk that could backfire in a big way.
Improvement in People
With baseline processes in place, changing your employees' mindset to place security as a priority through educating them on policies and guidelines are equally important to manage expectations and avoid abuse. Employees who do not have a security mindset are typically reactive, complacent, or simply unaware when it comes to potential security problems. This attitude frequently places the organization at risk.
Some examples of lack of vigilance include leaving sensitive information unguarded in a public area, assuming that data and knowledge are secure within the organization.
When employees adopt a security mindset, they are armed with the knowledge to think about security in a proactive and adaptable way, mitigating any security incidents. Other benefits include being more wary of data leaks, proper evaluation of vendors to ensure they adopt security best practices, and compliance with company standards for personal devices.