printer friendly version

BYOD

Does your company’s risk management procedures cover employees using their own technology?

The technological environment continues to advance at a rapid rate, meaning employees are often purchasing laptops, tablets and smartphones more advanced than their employers can provide in the workplace. This is leading to corporates feeling the pressure of allowing employees to use their own devices at work.

There are clearly advantages and disadvantages in applying such practices within the working environment and it is imperative that a company’s risk management procedure includes IT related issues. It is also highly recommended that these assessments are performed on a regular basis and conducted by an independent assessor who is aware of current security risks associated with IT processes and equipment.

At the recent Security Africa Summit held in Cape Town, many of the leading global security professionals identified IT risk as a major issue but found it alarming that IT and risk are often not linked and engaged when assessing risks and writing policies.

According to technology writer Erik Sherman, allowing employees to work on their own devices creates issues when a company wants to regulate and monitor computer use, to either manage regulatory compliance or track individual productivity, as they are most likely not the only persons utilising the device. Additionally, multiple users provide multiple opportunities for a malicious website or e-ail to be unwittingly opened, infecting the computer, or for an individual to steal highly sensitive information.

Ownership of devices and software also becomes an issue. If an employee is using his or her own device and software and information is then loaded onto the computer, who owns the software or information?

Once your corporation has conducted the necessary risk assessments, policies and procedures need to be established and employees need to be made aware and regularly reminded of these standards and expectations. Also, the human resources and communications departments need to develop regular campaigns to ensure awareness of the relevant policies.

Effective communication

A recent example of lack of communication and understanding was brought to my attention. An IT employee at a South African subsidiary of an international corporate downloaded software onto his laptop at work and due to an audit conducted in the United States, this practice was deemed illegal and the company was fined $1 million. The employee claimed he was not made aware of such policies or procedures.

Often, risks can be prevented from the get go, so to speak. Thorough employee screening (pre-employment and in service) should be done to ensure that people have the appropriate motives for seeking work within your organisation and would be the best fit for the relevant position and corporate culture. It should be remembered that often competitors or syndicates infiltrate organisations by sending staff members for interviews, who are often successful in obtaining employment.

Technology has become a way of life, very few people, households and corporations are not affected by its use and development, therefore it is essential to consider all facets of utilising technology in your workplace and the risks associated with it.

Share this article:

Further reading: