Posted on: March 10, 2017
BYOD Privacy: 6 Considerations to Protect Your Business
We live in a world where corporations are working harder than ever to balance legal and regulatory obligations with business efficiency. This continued expansion of electronic data, partnered with the blurred lines between business and personal information, is straining already stretched legal departments. All of this leads to adding privacy and data leaks to the top of the list of growing concerns for organizations.
The rapid proliferation of ‘bring your own device,’ or BYOD, has created an extra layer of potentially nightmarish scenarios that can keep an organization’s C-Suite up at night. While there are many benefits to having employees access company data 24/7, in order to protect sensitive data and minimize the likelihood of data security leaks, it is important to consider established best practices.
First, there is no “one size fits all” approach. Second, BYOD policies should harmonize with existing information governance policies, employee handbooks and the like, specifically referencing those sections that address the handling of confidential and proprietary information.
When creating a policy, feedback from the C-suite, Legal, IT, and HR teams must be taken into account as they all have a stake in this process. Some areas that BYOD policies should address to minimize data privacy and security leaks are the following:
1. Applicable Device Guidelines
What does BYOD cover? Does it pertain to any device capable of accessing the network or does it simply mean all smart phones?
Different operating systems and nuances with Apple, Android, BlackBerry and Windows devices should be considered when creating your policy.
What about tablets, employee-owned personal laptops or wearable technology like watches or glasses? Make sure you have clear guidelines on what devices must abide by the policies.
2. Security Codes
Employees generally resist having to enter a four-digit PIN or password every time they unlock their phones, but this is an important step. If the phone is lost or stolen, it makes it that much harder for someone to access the mobile device data.
For those organizations that are publicly traded or dealing with confidential information, it is even more important to have this element in place.
3. Remote Wiping
Short of accidentally deleting a document that we have been working on, there are few IT issues that give us greater pause than completely wiping personal items like pictures from our phones. Unfortunately, IT must have the ability to remote-wipe a missing mobile device.
Employees must be conditioned to know that their FIRST call when a device is lost or stolen must be to IT. If an employee’s first call upon losing a phone is to their mobile carrier, the carrier will turn off the device — and with it the ability to remote wipe any data from it.
Banning the installation of apps, other than those downloaded from iTunes or Google Play, will significantly reduce the risk of installing viruses or malware that can put sensitive data and your entire network at risk.
5. Jailbroken Phones
A 'jailbroken' phone is one on which the user has removed the mobile device operating system or carrier settings. Any modified phones should be banned, as they are more likely to contain malware.
6. Separated Employees
Whether the separation is voluntary or involuntary, a well-constructed BYOD policy needs to address what happens to the data that lives on a device when an employee leaves the organization. Making sure your policy includes a protocol to reacquire or wipe all corporate information on the device is a best practice to support data privacy.
Before wiping a device, be sure that there is no further need for the data and that it won't become necessary evidence later on. Your policy should indicate how long data should be preserved if there is any possibility that the data will need to be used for investigative purposes, or if there is a threat of intellectual property theft.
Far from being an exhaustive list, the above suggestions are meant to assist an organization in beginning the conversation around the creation of a thorough BYOD policy. Although it is unlikely that any policy can completely limit all potential exposure of confidential data, a well-documented and adhered-to policy will limit liability as well as assist in protecting trade secrets and personally identifiable information and in guarding against breaches of the corporate network.