Data protection at stake when companies implement BYOD

Companies that implement a bring your own device (BYOD) policy in their workplace might have to review their security measures and make sure they have disaster recovery plans in place in case of a data breach or hack.

Graeme Batsman, director of Datadefender.co.uk, noted that BYOD has existed for a number of years but has only recently become a recognised concept and problem.

While firms could save money by not paying to pay for office USB drives and hard drives, they should also be aware of the security risks of allowing employees to work with their own equipment.

"By [allowing] staff to freely use their own devices, a '£5 data breach' can happen. Forget spending tens of thousands of pounds on advanced firewalls and antivirus, data breaches usually happen due to the people element," he warned.

BYOD also opens up "a whole can of worms" with regards compliance and technical issues.

"If a company supplies staff with USB drives, then it has the right to enforce full drive encryption. If a staff member brings their own, then it's not the company's property, nor is the data," Mr Batsman noted.

He pointed out that compliance is a particular problem from a data protection point of view, because companies that allow BYOD no longer have control of data or keep audit records.

"A staff member who leaves may not remove the data and if it is lost one year down the line, it will sting the company after the employment period. Sensitive data is no longer within four walls or within a certain country."

Meanwhile, a Scottish council has been fined £140,000 for breaching data protection laws after it released details of vulnerable people to the wrong individuals.

Midlothian council was found by the Information Commissioneris Office to have broken the law five times by sending reports about children to incorrect addresses and agencies.
 

• Small businesses 'losing millions' to fraud and security breaches

  

  23rd May 2013

  Small companies could be held back from expanding and making profits because they are afraid of the growing risk of cyber attacks and security brea...

• Security firm warns mobile malware is on the up

  

  15th May 2013

  Thanks to the convenience of tablets and smartphones, many businesses are now allowing employees to use them outside the office to do their jobs wh...

• Solihull Council finds BYOD works well for its staff

  

  13th May 2013

  Lots of companies have begun trialling 'bring your own device' (BYOD) programmes over the past few months and many are already finding it offers lo...