Now that people in many organisations expect to be able to use their own mobile computing devices at work, it may be time to update business continuity plan best practices. At the moment, the BYOD (Bring Your own Device) challenge seems to have caught enterprises on the hop. Managing the use of tablets and smartphones when they were issued by the company was already a challenge. Trying to cope with devices brought in by employees has raised the level of difficulty yet higher. How will organisations encourage productivity without laying themselves open to breaches of data security that could destroy the business continuity they seek to create?
There is more than one route open to firms in terms of a business continuity plan best practice in this situation, and probably more than one route necessary was well. IT security tools are one way to reduce the potential risk of the compromise or the theft of data from non-company-owned devices. Solutions are already available to allow IT managers to define which kind of data can be downloaded into which kind of device. They can also require the installation of software to allow devices to be “wiped” remotely, for example, in case of device loss or employee departure.
Yet just as business continuity goes further than just IT, so should business continuity plan best practices. Instigating and nurturing the right information security culture is another route towards dealing with the inherent risks of BYOD. By defining the right policies and guidelines for personnel to follow, and then checking for overall understanding and application, companies can lessen their exposure to security breaches of any sort. BYOD then turns out to be the tip of the iceberg, visible simply because it is the latest challenge to manifest itself. Specific measures may be in order, but common sense rules and directives should be applied as appropriate as well.