The Liability Implications of BYOD – and the Insurance You May Need


Businesses benefit greatly from bring your own device, or BYOD. But are you aware of its liability implications?

BYOD can happen under the radar or as part of a specific corporate policy in which an organization lends its support to personal mobile devices or even provides employees with a stipend to purchase a device such as a laptop, smartphone, or tablet PC.

Thankfully, this article has you covered: it sets out the liability implications of BYOD and the insurance you might need.

What exactly is BYOD?

The number of businesses that allow and/or encourage their employees to use their own cell phones, laptops, or tablets for work purposes is rapidly increasing.

And there are significant cost and convenience benefits for businesses that implement “Bring Your Own Device,” or “BYOD” policies. So much so that, according to a 2017 study, more than half of employers required employees to provide their own devices.

However, there are some risks. And businesses must guard against these, whether they actively encourage or simply tolerate the practice.

BYOD History

Despite the fact that the term was first used in 2009, BYOD did not become widely accepted until 2010.

With personal devices flooding the workplace, CIOs began to feel the pressure, and it was around this time that Android began to gain traction and the first iPad hit the market. As a result, an increasing number of tablets and smartphones were now being used in workplaces, and IT continued to allow Bring Your Own Device (BYOD) without providing much support.

Many businesses even began to block personal devices from accessing their mail servers and networks. In 2010, Apple released iOS 4, which included the first APIs for dealing with mobile devices. IT and organizations realized that they could not continue to ignore Bring Your Own Device.

BYOD programs and official support were introduced much more quickly in the workplace in 2011. Company executives were starting to feel more at ease typing on touchscreen keyboards, and the enterprise mobility market was changing rapidly.

As a result of Bring Your Own Device (BYOD), the way organizations provided access to their computer networks changed. Traditionally, a school or business’s IT department would create closed networks that could only be accessed by computers owned by the school or business. Under BYOD, students and employees can connect to more open networks using their own smartphones, tablets, and computers.

The BYOD movement was sparked by the rising popularity of tablets and smartphones, as well as lower laptop computer prices. Individuals who previously relied on organizations to provide them with hardware for work can now own devices capable of performing the same functions.

The Benefits of a Bring Your Own Device Policy

A Gartner report from 2013 estimated that providing employees with mobile devices could cost up to $600 per person per year.

Furthermore, while some companies provide additional compensation to employees as part of their BYOD programs, this is not required. As a result, many businesses can realize significant direct cost savings by allowing employees to use their own devices rather than providing them.

BYOD can encourage employees to stay engaged and connected with colleagues and the office after hours, resulting in significant increases in productivity. Furthermore, there is evidence that allowing employees to use personal devices may increase employee motivation and job satisfaction.

The Potential Dangers

Unfortunately, poorly defined or managed BYOD policies can result in significant additional liabilities.

First, businesses in industries such as health care or finance may face severe regulatory penalties for data breaches. These penalties are in addition to any damages awarded in court. They also apply if the breach was caused or facilitated by a personal device.

Second, there is a risk that employees will not be as diligent in updating their own devices’ operating systems, firewalls, and anti-virus software as a corporate IT department might be.

Employees using public Wi-Fi connections while away from the office can provide hackers and malware distributors with a golden opportunity to gain access to corporate systems and data. Of course, physical loss or theft of a device remains a risk whenever it is not on business premises.

Another consideration is employee departure, whether voluntary or through termination. The deliberate misuse of data stored on personal devices by disgruntled former employees is an obvious risk. However, you must also guard against the compromise of data or passwords that have been inadvertently retained by employees who have left on good terms.

You should also be aware that data stored on employees’ devices is frequently included in the discovery process in liability litigation. And this procedure will apply regardless of whether your company has a formal BYOD policy.

As a result, regardless of their merits, liability claims may become significantly more expensive to defend.

How Can Businesses Reduce BYOD Risks?

With the BYOD concept becoming an unstoppable force across the business landscape, managing a slew of mobile devices has become a critical consideration for all businesses.

Businesses now require a platform that allows for high levels of oversight and solid data protection as their fleet of mobile devices grows. A mobile device management (MDM) system is now required for tracking mobile device usage and provides the ability to wipe devices if they are lost or stolen.

A variety of measures can be implemented by organizations to help mitigate BYOD risks. Among these measures are:

  • Remote wiping

The concept of remotely deleting data from a device is referred to as remote wiping. This includes overwriting stored data to prevent forensic recovery and resetting the device to its original factory settings, rendering any data ever stored on it inaccessible to anyone.

  • Profiling of risks

It is critical for organizations to understand their own data protection requirements and to compile a risk profile. This is especially true in regulated environments where there may be compliance requirements. International deployment and compliance requirements, for example, are two situations where Bring Your Own Device risk levels are particularly high.

  • Keeping current

It is critical to keep browsers, operating systems, and other applications up to date with the most recent security patches. Staying current ensures that the devices of employees leaving the company are properly wiped of corporate data.

  • Device tracing

Every company should have a strict device tracking policy in place. This will assist them in remaining constantly aware of the location of all company devices, whether in use or not. Visitors’ devices should also be monitored.

  • Data isolation

It’s a good idea to restrict access to enterprise data based on an employee’s job role. This is where Next Generation NAC comes into play. Smarter data provisioning ensures that only the information that is absolutely necessary is accessed. Furthermore, segregation and VPNs can prevent sensitive data from being leaked after hours via shady public wireless hotspots.

How to Avoid the Liability Consequences of Bring Your Own Device

See below:

A formal BYOD policy

The first and most important step in mitigating the potential risks associated with BYOD is to create and implement a formal written policy that all employees must follow.

Finally, policy compliance should be a condition of your employment contracts, allowing you to exclude certain liabilities, most notably for device loss or damage.

It is obvious that BYOD policies will be detailed and complex documents, so thorough staff training in their implementation must be an essential component of risk mitigation.

Insurance Implications of BYOD

Even when the best security practices, measures, and policies are in place, business data can become vulnerable to hackers. This is the point where cyber liability insurance comes into play.

Insurers have a thorough understanding of the concerns and risks associated with BYOD and can thus identify specific pain points and provide the necessary protection to commercial customers. It is also critical for insurers and businesses to understand the unique risks associated with BYOD in order to provide appropriate coverage if vital information is compromised.

Even if the best security measures, practices, and policies are in place, business data can be compromised by hackers. This is where cyber liability insurance can come in handy.

To accomplish this, the insurance industry will need to stay ahead of the curve in order to ensure that products are in line with BYOD trends and new areas of exposure, such as who is responsible for stolen data and resulting losses, even if devices are compromised outside of the workplace.

Because BYOD allows employees to be “always on,” insurance coverage for a business must be as well.

Companies and insurers must be aware of the unique risks associated with BYOD in order to provide adequate coverage in the event that critical information is compromised.

In Conclusion

Bring Your Own Device (BYOD) continues to be a significant opportunity and challenge for businesses.

You need a BYOD security policy if your company allows employees to bring their own computing devices to work, whether they are smartphones, tablets, or laptops.

Smartphones and tablets are now so prevalent in the consumer market that nearly every employee comes to work with their own internet-connected device. This increases the likelihood of an employee introducing security risks into your organization.
