Six steps to manage the BYOD information risk

The world of technology is moving fast. In this era of consumerisation, BYOD (Bring Your Own Device) is here, and it is here to stay. The rapid expansion of workers using their own laptops, smartphones and tablets for work purposes is not a fad. People are becoming more and more attached to their own individual devices.

This can be good news for businesses, but those embracing BYOD must do so with their eyes open and not take undue risk with their own information or that of their partners and customers.

To BYOD or not to BYOD, you might ask? Do the risks outweigh the benefits?

Can you hold back the tide?

A third of Gen Y would ignore a policy banning BYOD – Fortinet, June 2012

Even when companies have addressed the BYOD phenomenon by putting policies in place about what workers can and cannot do on these devices, the chances are that those policies are largely ignored.

A survey (Fortinet – June 2012) of nearly 4,000 workers in their twenties revealed that although 42% recognised the risks of data loss and malicious threats, a third of respondents were still willing to bypass corporate security policies and controls and use their devices anyway.

When considered alongside the recent Ascentor survey (Meet the Information Saboteurs – aka, your employees), which indicated that more than half of the employees surveyed would deliberately use information to sabotage their employer’s company, the real risks of BYOD come into sharper focus.

6 steps to manage BYOD information risks

You can and should embrace BYOD as long as you take steps to manage the associated risks. Here is how.

  1. Produce a BYOD policy that defines policies, processes and procedures to protect intellectual property and sensitive information. The policy must support the business and must make sense.
  2. Communicate the policy widely and back it up in training sessions and team management meetings. Set expectations so everybody knows what will happen if a device is stolen or lost. Every user must know the backup approach, the retention policies, the wipe-out capabilities, etc.
  3. Assign roles in the organisation for people responsible for using BYOD: data owners, business unit managers and IT support staff.
  4. Know where the data is stored, how it is transferred, and to whom. Perform regular audits to understand how the information is being used. Use ISACA’s BYOD audit programme.
  5. Control and secure the devices. Include the devices within the corporate asset management programme so that they can be patched and supported to reduce potential vulnerabilities.

BYOD, like any other form of using data, is a business problem, not a security problem. Involve operational managers, human resources and IT departments so that, together, you can find the right balance for the BYOD challenge.

What now?

People are becoming more and more attached to their own individual devices and are more effective when allowed to work their own way. You will not stop the tide. It is possible to embrace BYOD and manage the risk. The key is to follow good information risk management practice.

Article by Steve Maddison, Director and Principal Consultant at Ascentor.
