image of bring your own device byodBring Your Own Device (BYOD), the new trend where employees are using personal mobile devices to access business networks such as file servers, databases and email, is an attractive concept to some independent retailers. Many organizations believe mobile computing increases the efficiency and effectiveness of their workforces, and they like the idea of saving money on the purchase of technology.  According to a recent Cisco study, 95 percent of respondents’ organizations permit employee-owned devices in the workplace, and 76 percent of respondents categorized BYOD as somewhat or extremely positive for their companies. Cisco says it expects the average number of connected devices per worker to reach 3.3 by 2014, up from an average of 2.8 in 2012.

While BYOD appears to be here to stay, it presents huge challenges, starting with device compatibility. There are many operating systems in the land of smartphones, such as iOS, Android, Windows, Blackberry, and Ubuntu Linux. Employees’ personal devices may or may not be compatible with a business’s devices, or the devices of fellow employees. More importantly, BYOD increases the risk of security breaches, and the risk grows with each new device granted network access. An employee can unleash malicious code while checking email from an unpatched iPad, or can compromise a company’s private data by leaving a phone in the wrong place at the wrong time. If an employee uses a smartphone to access privileged company information, the data stored on the phone could potentially be retrieved by another person. User awareness is a key element of mobile device security. Therefore, it is a good practice to provide security awareness training to employees who use their mobile devices for work.

In addition, security and compliance may boil down to controlling the data, not the device. One of the more popular strategies for managing BYOD is Mobile Application Management (MAM). MAM focuses enterprise resources on managing data by taking charge of the apps that can access that data, while leaving employees in control of the devices they own. MAM allows organizations to mandate encryption, set and enforce role-based policies for applications including how they store and share documents, and even remove data and suspend apps when an employee leaves the company or loses a device. In other words, business owners can ensure that sensitive data never leaves their customer relationship management app without limiting how employees use their devices on their own time.

Allowing employees to use personal mobile devices to access business networks can increase productivity, but it can also make a business vulnerable in the areas of security and privacy. Independent retailers should carefully consider the pros and cons of BYOD, and formulate and implement a clear plan to reduce the risks, before allowing employees to access privileged data on their mobile devices.