"Business agility is more important than the law"
By Catherine McFarland • 01 May 2014
Our latest *survey results have revealed the alarming opinion of nearly one in four (24%) business and IT managers: that business agility is more important than the law. But why should you sacrifice one for the other? Business agility and the law can go hand-in-hand. Here’s how it works with BYOD (Bringing Your Own Devices).
Law firms claim increase in BYOD enquiries
With the rising trend of Bringing Your Own Device (BYOD) into the work environment, some law firms are reporting an increase in BYOD-related legal enquiries. For small and medium-sized businesses (SMBs), the attractions of agility and speed that come with personal device use for work can sometimes outweigh the attention needed to avoid BYOD-related security and legal issues.
And while the Information Commissioner’s Office isn’t holding back on fining organisations that have breached the Data Protection Act, it has so far been mainly public sector bodies in the firing line.
But it looks like that could be changing. The ICO has recently fined a charity £200,000, and publicly named and shamed the Royal Veterinary College after a BYOD breach was discovered on a personal camera.
The BYOD law-breaker
So why is it so easy to break the law simply by using your personal mobile device for work purposes?
Usually, breaches are down to human error or negligence. Poor use of PIN codes, encryption and security updates on personal devices allows an employee to expose sensitive corporate data, such as customer information, very easily. A poorly managed device is more susceptible to viruses and phishing attacks, and confidential data is more at risk if the employee loses the device in a public place.
This is a big problem for SMBs, who need to be agile to be competitive, but don’t necessarily have the resources available to manage the legal and security side of protecting their data and systems in a BYOD workplace, in the same way larger organisations can.
The benefits of the agile business
Mobile devices support business agility, helping your business:
- Be faster to market
- Deliver greater, more accurate business value - customers get what they want, when they want it
- Be more transparent – a big plus for customers, stakeholders and workers alike
- Hold onto and nurture more satisfied customers, stakeholders and workers
9 critical areas for BYOD compliance
So, if you want to enjoy the benefits of speed and agility with BYOD, yet avoid legal repercussions, make sure you’ve addressed the following issues.
- The employee’s right to privacy versus the business’s requirements
- Responsibility for protecting customer data, including where it’s stored, how it’s transferred and the potential for leaks
- The use of PIN codes and encryption
- The personal device’s security capabilities
- Steps to take in case of loss, theft or failure of the device
- The implementation of ISO 27001 – international information security accreditation
- Relevant, sector-specific regulations
- A BYOD policy – signed by your employees
- A staff exit process for when the person who owns the device leaves their employment
To help businesses manage BYOD, we’ve written a series of five e-books called THE BYOD BIBLE. You can download e-book three here: “The 10 commandments: the law – and how to avoid a diabolical £500,000 fine”.
In case you missed the first two, you can download them here: E-book one: Man created the mobile device and saw that it was good – for business. E-book two: The Seven Deadly Sins – how not to manage BYOD.