Protecting corporate data in the BYOD era
What is BYOD? The acronym stands for Bring Your Own Device. In French: Apportez Votre Equipement personnel de Communication (AVEC). Basically, your employees use their own device (phone, tablet or computer) in the workplace. What impact does this have on your company's data security? Find all our advice in our section dedicated to the use of antivirus software.
The growing success of BYOD
More practical
Employers are obliged to provide their employees with the resources they need to carry out their professional duties. Personal tools can only be used in a subsidiary capacity. Often, however, employees leave their work computers at the office and continue to use their personal tools on the move. This is not contrary to the French Labor Code. And it's BYOD.
Less restrictive
Companies equip certain employees with business phones. These are generally salespeople, who travel a lot. Nowadays, we're gradually getting used to having everything at our fingertips via our smartphone or tablet. Even without holding a mobile position, people may want free access to their email and work tools, wherever they may be. To meet this expectation, it is in the company's interest to authorize BYOD. This allows people to work more freely, which makes the company's operations all the more attractive to its employees.
Is BYOD a threat to your company?
A question of responsibility
The employer is responsible for the security of the company's personal data. This includes data accessible on external terminals, as is the case with BYOD, even though the employer has no physical or legal control over these devices. Insofar as the employer has authorized their use, the CNIL (Commission Nationale de l'Informatique et des Libertés) considers the employer's responsibility to be engaged.
A risk for your data and your IS (Information System)
To control the risks associated with BYOD, you first need to identify them. They encompass three aspects:
- Data integrity and confidentiality. Let's say your mailbox is open on your smartphone and freely accessible, with no need for identification or a secret code. Anyone can, without your knowledge, consult your e-mails and obtain sensitive company information. This brings a risk of data leakage or industrial espionage.
- Data availability. You need to think about the consequences of having more devices connected to the network. An unplanned overload can make data unavailable from time to time. For example, employees' personal BYOD devices can slow down company operations.
- General compromise of the company's IS. Via a personal terminal, an external intrusion can infect the system (virus, Trojan horse...).
These risks need to be identified in the light of your company's specific situation: what equipment is involved? Which applications? What data? These risks then need to be weighed up in terms of severity and likelihood.
How can BYOD be secured?
Securing devices
Various measures can be put in place to extend the protection of company information to BYOD devices. You can:
- Set up secure remote access to company applications and data, using a robust authentication mechanism such as an electronic certificate or smart card.
- Encrypt information flows (VPN, HTTPS or other).
- Create a security bubble by partitioning off those parts of the personal device that are used for business purposes.
- Protect BYOD terminals against malware by equipping them with a security solution or dedicated protection programs.
- Establish a procedure in the event of loss or breakdown of the personal terminal. In this case, the network administrator must be immediately informed, so that business data stored on the terminal can be remotely erased.
A solution for your protection
Antivirus software solutions help coordinate these cybersecurity actions. Bitdefender, for example, provides your system administrator with a unified Cloud console. It enables you to remotely deploy and manage your entire digital infrastructure: workstations and servers (physical and virtual), Exchange mailboxes and mobile devices.
Administrators can easily define corporate security policies and create reports. All data associated with antivirus and anti-phishing scans (malicious URLs, suspicious programs, etc.) is listed and catalogued in the Cloud. This lightens the load on your local server. Device protection, on the other hand, remains physically present on devices.
Data protection is a crucial issue for both large corporations and SMEs. The growing practice of BYOD is driving the need for powerful IT detection and protection solutions, so that work continues to be an attractive option without threatening the company's IS.