Many small businesses across the country are now playing a potentially dangerous game with regard to the ways in which they allow employees to transfer and carry sensitive data, and that could put them at risk for a breach. As a consequence, making sure there is adequate tech insurance in place before allowing for this new trend is often of the utmost importance.
It can be expensive and difficult for small business owners to buy a number of devices for every single employee, even if they need it, according to a report from the tech magazine Wired. However, many people may already have these devices that they rely upon for personal use in their everyday lives. Therefore, the decision to allow a “bring your own device” atmosphere at the office may be very enticing to many small business owners. However, doing so could put them at risk for a rather grave security problem if they are allowing sensitive client or customer information to be stored and transferred between personal and professional machines.
For instance, owners will have to consider how they will properly protect their employees’ personal devices in the same way that they do for those they bought specifically for the company, the report said. Having anti-virus, anti-spam, anti-spyware and firewall protection on all office PCs may be easy, but doing the same for all devices brought into the workplace probably will not be, and this is probably true especially for companies that do not have a dedicated IT professional on the payroll. Moreover, even after the loading of these programs is completed, if it can be, it might be difficult to monitor how well those devices are handling outside threats, and that employees who own these devices are following best practices to safeguard whatever is stored on them.
This may also pose significant problems for companies when a person stops working there, as well, the report said. Businesses will need to be assured that the necessary information can be taken off that person’s device before they do so, or else it could pose a significant data breach risk.
What else could be at issue?
Of course, there are more things to worry about when it comes to a data breach than that, the report said. For instance, what if a person is storing important files with sensitive information for a large number of clients (credit card data, for instance), and then their phone or laptop is lost or stolen? That creates a data breach situation even though no business-owned devices were affected. The same is true for employees who accidentally attach the wrong files when sending a personal email, and such a mistake could leave companies vulnerable to data breach issues.
Employees may also be more likely to deal with their own devices differently than if they were on a PC or mobile device issued by their employers, the report said. They may be a little more careless with how they use them, such as by visiting sites or downloading files that they would not at work, and that in turn could lead to additional difficulties where security is concerned.
As a result of these considerations, employers will have to take the time to weigh the potential costs and benefits of such a BYOD plan for their offices specifically. If they find that the latter outweigh the former, then it may be wise to take on additional small business tech insurance policies designed specifically to protect companies from the financial fallout of a data breach, just to be safe.