Bring your own device, not your problems

Allowing employees to use their own devices in the workplace can introduce new security risks.

Sign Up

Get the New Statesman's Morning Call email.

Flexibility is the ongoing trend of the 21st century working environment. In many cases, bring your own device (BYOD) is an integral part of the conversation. It improves productivity, allows companies to omit requirements on fixed hours, and can remove the significant expense of office space and equipment. But there are also problems when it comes to using personal devices for work purposes. If unencrypted devices are lost or stolen, third parties have potential access to confidential data, resulting in dire effects for an organisation, threatening its reputation and finances, in part due to the EU’s GDPR legislation.

So, how do you reap the benefits of BYOD, while ensuring the integrity of your data security? The answer lies in education, strict security policies and hardware encryption. There is still a long-standing variable within the human element/insider threat factor, which contains the issues of lax standards and policies, along with lack of accountability and responsibility. Data, personal identifiable information and confidential information are still the key elements in need of our most profound protection.

Recent breaches, exposures and compromised assets have highlighted that most of these incidents were from preventable mistakes that we allowed to happen. Simple oversights ranging from lack of attention, prioritisation of proper standard and policies and procedures in place were the culprits in the majority of incidents.

How secure your data is depends on the kind of encryption you use. Knowing the differences between them should affect your IT policy. Careful planning and adequate training ensures employees are still able to bring their own devices to work, while sensitive company data remains protected. Beyond SaaS and software encryption, employees may need to store data on local devices.

How do you mitigate risks in this scenario? Hardware-encrypted solid state drives (SSDs) provide end-to-end data protection. It’s essential that anyone working remotely with a laptop equip themselves with SSDs that are hardware-encrypted. There is a whole host of features to protect BYOD and mobile users, such as leveraging data loss prevention (DLP) software suites with compatible self-encrypting drive SSDs or TCG Opal 2.0, to Bitlocker hardware-encrypted solutions such as eDrive.

I always challenge companies that present or pitch at our offices about the devices they are using and I am shocked at how many have overlooked using a hardware-encrypted SSD. When you need portability, USB drives are an essential tool for data transport and backup. But while their size offers mobility, it does also make them easy to lose. For a small price, hardware-based encryption built into external USB devices mitigates this risk. The top-of-the-line Advanced Encryption Standard (AES) 256-bit used in high-end encrypted USB drives is secure enough to be FIPS-certified, endorsed by government organisations.

Agreeing to BYOD requests may seem like an inexpensive and simple way to create a relaxed working environment. But without taking a few precautions, the potential risks to company data security could prove costly. Enforcing a solid hardware encryption policy allows you to embrace the BYOD culture without adding risk, cost and expensive tools.

Robert Allen is director of marketing and technical services at Kingston Technology.

For more information, please click here.